Overview
As a SIRC Senior Analyst within Deloitte Technology’s Cybersecurity, Governance, Risk and Compliance team, you will play a pivotal role in addressing client security inquiries for our member firms, clients and regulators.
Responsibilities
* Address member firm, client, regulatory and audit‑related information security requests.
* Identify, gather and pre‑populate responses using Standard Answer Banks (SABs).
* Determine remaining questions needing consultation with Management, Client Security Leads (CSLs) or Subject Matter Experts (SMEs).
* Ensure the quality and consistency of work performed by other team members.
* Assign and plan tasks for other team members.
* Highlight and address issues in SABs and assist with their maintenance, improving quality of responses and expanding scope as necessary.
* Support service queue and mailbox rotation for consistent coverage.
* Analyze and evaluate security requests, internal/external assessments, and audits.
* Coordinate internal/external audit requests, including scoping, data gathering and refinement.
* Assist with evidence gathering and sanitization activities.
* Build strong relationships with internal stakeholders and maintain regular communication with the management team, member firm CSLs and various SMEs to improve deliverable quality.
* Contribute to the development of best practices and stay up to date on global security policies, standards and technology.
Qualifications
* Bachelor’s Degree or higher in business administration (or equivalent), a technology‑related field, or equivalent experience.
* Relevant demonstrated experience in applying leading practices in a large‑scale Information Security.
* Basic knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management.
* Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (ISO 27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT and the SOC 2 reporting framework.
* Basic knowledge of GRC tools (e.g., ServiceNow).
* Strong analytical and problem‑solving skills.