Senior Consultant Manager Cyber Extended Enterprise
Job description / Role
Employment: Full Time
About Deloitte
When you work for us, you commit to a career at one of the largest and most prestigious professional services firms in the world. We have received numerous awards over the last few years, including Best Employer in the Middle East, Best Consulting Firm, and the Middle East Training & Development Excellence Award.
Our Purpose
Deloitte makes an impact that matters. Every day we challenge ourselves to do what matters most - for clients, for our people, and for society. We serve clients distinctively, bringing innovative insights, solving complex challenges, and unlocking sustainable growth. We inspire our talented professionals to deliver outstanding value to clients, providing an exceptional career experience and an inclusive and collaborative culture. We contribute to society, building confidence and trust in the markets, upholding the integrity of organizations, and supporting our communities.
Our shared values guide the way we behave to make a positive, enduring impact:
- Lead the way
- Serve with integrity
- Take care of each other
- Foster inclusion
- Collaborate for measurable impact
- Strong technical knowledge of cybersecurity domains (Governance, Compliance, Risk Management, Identity and Access Management, Data Security, Cryptography, Network Security, Cloud Security, Endpoint Security, Business Continuity Management, Operational Technology, Data Lifecycle Management, etc.)
- Strong technical knowledge of third party cybersecurity risk management frameworks, IT governance frameworks, regulatory requirements, and best practices.
- Strong technical experience conducting and managing third party cybersecurity assessments.
- Hands-on experience with security frameworks such as ISO 27001, PCI, NCA, SAMA CSF, NIST, etc.
- Knowledge of relevant laws and regulations such as NESA ISR, UAE PDPL, GDPR, HIPAA, SOX, etc.
- Lead and manage cybersecurity and data privacy controls assessments on third parties and vendors in line with industry, regional and international best standards and regulations e.g. NIST CSF, ISO 27001, UAE-NESA and Information Security Regulation (ISR), GDPR and UAE PDPL.
- Coordinate scheduling, evidence collection, and responses with third party point of contact.
- Collect and review control evidence and analyze third party information and data.
- Review independent assurance reports and certifications (e.g. SOC1 & 2, ISO 27001).
- Support contract reviews and negotiations over cybersecurity requirements and clauses by working closely with procurement and legal teams.
- Provide guidance and support team in performing risk assessments to evaluate inherent and residual cybersecurity risks. Analyze the likelihood and potential impact of identified risks using qualitative and quantitative methods.
- Determine adequate treatment plans for identified risks and control gaps, detailing findings, recommendations, and mitigation strategies.
- Develop action plans and timelines for implementing risk controls and track remediation plans to reduce identified risks and close control gaps.
- Collaborate with stakeholders and relevant business departments to implement risk mitigation plans and actions.
- Manage the maintenance and monitoring of a third party cybersecurity risk register for the whole organization.
- Monitor and support remediation activities and work with the third party to ensure findings are being remediated appropriately. Ensure all third party cybersecurity risk management processes and SOPs are being adopted.
- Ensure all technology integrations for the cybersecurity third party program are working effectively and technical issues are identified and resolved with respective technical teams.
- Track key performance and risk indicators (KPIs, KRIs) to measure program performance and risk reduction over time.
- Manage risk assessment tools and GRC solutions to support third party cybersecurity controls and risk assessments, as well as calculate risk levels and prioritize areas of concern.
- Administer and maintain technology platform and solutions utilized to perform third party cybersecurity and data privacy assessments.
- Prepare and maintain documentation, including policies, procedures, standards, and guidelines that support the third party cyber risk management framework.
- Lead the development of third party cybersecurity risk reports and dashboards using tools such as PowerBI.
- Communicate and present findings to stakeholders, management, and regulatory bodies as required.
- Liaise with key departments (e.g. Procurement, Legal, HR, Operations) to address specific cybersecurity third party risk matters.
- Conduct root cause analysis for identified cybersecurity incidents relating to third parties and work with threat and incident response teams to evaluate risks and prevent future occurrences.
- Develop and deliver training materials to educate employees and business stakeholders on identifying and managing third party risks.
- Builds own understanding of our purpose and values; explores opportunities for impact.
- Demonstrates strong commitment to personal learning and development; acts as a brand ambassador to help attract top talent.
- Understands expectations and demonstrates personal accountability for keeping performance on track.
- Actively focuses on developing effective communication and relationship-building skills.
- Understands how their daily work contributes to the priorities of the team and the business.
- Bachelor's in computer science, information security or related field / Master's in computer science, information security or related field.
- CISM, CISSP, CISA, CRISC, CGRC certifications.
- 5-10 years of relevant experience.
Company Industry: Audit & Accountancy
About the Company
Deloitte is the world's largest and leading professional services firm, providing audit & assurance, consulting, financial advisory, risk advisory and tax services to public and private clients spanning multiple industries, whether they are in the energy, communications, oil and gas, financial services, family businesses, healthcare, public or education sectors among others.
With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte's more than 250,000 professionals are committed to becoming the standard of excellence.
Deloitte & Touche (M.E.) is a member firm of Deloitte globally and is the first Arab professional services firm established in the Middle East region. Deloitte & Touche (M.E.) is a member firm of Deloitte Touche Tohmatsu Limited (DTTL) and is a leading professional services firm established in the Middle East region with uninterrupted presence since 1926 with 26 offices in 15 countries to date. What distinguishes Deloitte member firms in the Middle East is the global and regional expertise and know-how offered through specialized and highly knowledgeable talent. Deloitte aims to offer the best services to its clients through a team with more than 3,300 partners, directors and staff in the Middle East which guarantees effective communication with clients and a deeper understanding of their needs.
It has been a Tier 1 Tax advisor in the GCC region since 2010 (according to the International Tax Review World Tax Rankings). It has also received numerous awards in the last few years which include best employer in the Middle East, best consulting firm, the Middle East Training & Development Excellence Award by the Institute of Chartered Accountants in England and Wales (ICAEW), as well as the best CSR integrated organization.
Deloitte drives progress. Our practices around the Middle East support clients to become leaders wherever they choose to compete. We invest in outstanding people of diverse talents and backgrounds and empower them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we.
Our Purpose
Deloitte makes an impact that matters. Every day we challenge ourselves to do what matters most - for clients, for our people, and for society. We serve clients distinctively, bringing innovative insights, solving complex challenges and unlocking sustainable growth. We inspire our talented professionals to deliver outstanding value to clients, providing an exceptional career experience and an inclusive and collaborative culture. We contribute to society, building confidence and trust in the markets, upholding the integrity of organizations and supporting our communities.
Our shared values guide the way we behave to make a positive, enduring impact:
- Integrity
- Outstanding value to markets and clients
- Commitment to each other
- Strength from cultural diversity