Cyber Risk & Exceptions Management, Analyst, Deloitte Global Technology
Deloitte is a leading professional services firm in Canada, committed to making a positive impact for all Canadians. The Cyber Risk & Exceptions Management, Analyst will govern cyber risks, collaborate with teams to manage cyber security risk assessments, and provide leadership during the exceptions process.
Responsibilities
- Actively govern cyber risks in the Deloitte Technology Cyber Risk Register and partner effectively with Deloitte teams to facilitate cyber security risk reviews and analysis
- Maintain the Deloitte Cyber Risk Framework, ensuring alignment with the Deloitte Enterprise Risk Framework
- Collaborate with teams across Cyber to identify, assess, mitigate and manage cyber risks within their respective lines of business within the Deloitte Technology Cyber Risk Register
- Empower Deloitte Technology teams to establish cyber risk ownership and agree on acceptable risk levels aligned with their risk appetite
- Review, test, and constructively challenge Deloitte Technology cyber teams on their cyber security risk assessments, including risk mitigation and management responses to ensure risks have been effectively remediated
- Service, prioritize, analyze, and process Global Cyber standard exception requests by reviewing policy requirements, security standards, system and Deloitte firm architecture, designs, and materials
- Coordinate efforts to ensure all necessary information has been provided for the proper review of exceptions
- Offer leadership and guidance to teams during the cyber security exceptions process
- Make informed risk decisions based on Global exceptions being requested and the potential risk this poses to Deloitte firms
- Create analysis presentations and reports on exceptions for Cyber security, Risk, and Technology leadership teams, highlighting and outlining potential risks to Deloitte firms
- Deliver high-quality, timely exception evaluations, recommendations, and reports
- Participate in the development of security policies and standards exception management processes
- Contribute to the continuous improvement of established security policies and standards exception management processes
- Collaborate with teams across Deloitte Technology and Deloitte firms to reduce exposure to cyber risk across the enterprise
- Evolve and manage relationships with cybersecurity, technology, legal, and risk leaders across Deloitte Technology and Deloitte firms
- Develop and maintain relationships with primary exceptions management leaders across Deloitte firms
- Serve as a trusted advisor to solution architects, developers, technical risk analysts and others on information security principles, policies, standards, and best practices
- Work effectively with individuals at various levels of seniority within the cyber organization, fostering a collaborative and team-based approach to Cybersecurity data lake development and utilization
Skills
- Bachelor's degree in a technology-related field, or equivalent education-related experience
- Relevant experience in cybersecurity risk management, governance, and exceptions management within organizations of a similar scale to Deloitte
- Experience in the identification and evaluation of cyber risk, as well as using GRC tools and guidance developed for risk mitigation
- Experience in security policies and standards exception management
- Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32
- Strong knowledge of cyber controls, policies, and procedures
- Demonstrated analytical and problem-solving skills
- Ability to communicate risks associated with complicated security-related concepts to technical and non-technical audiences
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and non-technical audiences at various hierarchical levels
- Relevant certifications such as CISSP, CISM, or CRISC are preferred
Benefits
- $4,000 per year for mental health support benefits
- $1,300 flexible benefit spending account
- Firm-wide closures known as "Deloitte Days"
- Dedicated days off for learning (known as Development and Innovation Days)
- Flexible work arrangements
- Hybrid work structure