Cybersecurity Compliance Analyst – Deloitte – Princeton, NJ
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting edge products and services that deliver outstanding value and that are global in vision and scope? Work with premiere thought leaders in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?
Want to make an impact that matters? Consider Deloitte Global.
Work You’ll Do
As part of the Global Cybersecurity team, this professional will have the following responsibilities:
- Execute cybersecurity controls testing across the Deloitte network to determine control effectiveness and adherence to both internal cybersecurity policies and standards and external requirements (e.g. certifications, laws, regulations and contracts)
- Generate analysis and reporting based on assessment results and feedback from Global and Member Firms
- Maintain the Cybersecurity Integrated Controls Library (ICL) as agreed with other team members and relevant governance bodies
- Extract controls from new standard statements to provide detailed compliance criteria
- Support and execute the compliance processes using the compliance tool (ServiceNow GRC)
- Respond to Member Firm and DTTL queries regarding compliance processes, roles and responsibilities, and relevant features and functionality within the ServiceNow GRC tool
- Review and validate Member Firm and DTTL responses to compliance assessments, including evidence provided to demonstrate effectiveness of controls, requesting additional information where required
- Conduct deep dive assessments to verify the effectiveness of specific Member Firm controls, in agreement with other team members, and provide constructive recommendations, findings and observations where required
- Review and validate Member Firm and DTTL action plans, providing constructive recommendations and feedback to ensure that identified issues are remediated in a timely manner
- Respond to and investigate alerts generated by the ServiceNow GRC tool, raising issues and working with Member Firms and other stakeholders to define action plans as necessary
- Track and monitor implementation of action plans to ensure remediation of identified issues
- Identify requirements to validate that remediation has been successful
- Provide reporting on Member Firm and DTTL compliance using the ServiceNow GRC tool, and generate specific compliance reports for Member Firms and DTTL
- Create and manage assessment schedule based on identified scope
- Generate communication plan for all assessments to Member Firms as well as Leadership
- Develop and maintain relationships with cybersecurity, technology, legal, and risk leaders within DTTL and its member firms
- Provide advice and support to Member Firms and DTTL as required to ensure compliance processes, roles and responsibilities and the features and functionality in the ServiceNow GRC tool are understood
- Provide advice and support to Member Firms and DTTL Service Teams to define and implement action plans to remediate identified issues
What you’ll be part of – our Deloitte Global Culture:
- Bachelor’s degree: degree in business administration, a technology-related field, or equivalent education-related experience
- Minimum of 2-4 years of combined experience in the Information Security / Cybersecurity domain ideally with a focus on governance, risk and compliance
- At least 2 years’ experience working on a team responsible for cybersecurity compliance management, audit or assurance
- Experience assessing and managing compliance against agreed standards at the level of individual security controls (administrative, technical / logical, physical)
- Experience managing and supporting compliance relationships, providing constructive recommendations and advice where required to ensure a collaborative compliance relationship
- Professional security management certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), ISO27001 Lead Auditor or other similar credentials
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security topics, and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
- Broad technical and nontechnical understanding encompassing the design, implementation and operation of administrative, technical / logical and physical security controls across systems, infrastructure and applications
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
- Experience interacting, presenting and working with senior management
- Experience with ServiceNow GRC, Archer or equivalent GRC tools is strongly desirable.
- Ability to travel as needed up to 20%
How You’ll Grow
Who you’ll work with:
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.
Benefits You’ll Receive
Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do — that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers’ site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com
Requisition code: D72282