Third Party Risk - Controls Tester Senior Consultant

When you join the Deloitte Advisory Third-Party Risk Management (TPRM) practice, you will see how we work with some of the largest organizations in the world, across a variety of industries, to assist organizations in the development and operation of TPRM programs. Our client list includes eminent organizations across industries, e.g. technology, mining, media, pharmaceuticals, oil and gas, public sector and charities.

• Perform ongoing third-party cyber risk assessments to help clients identify and evaluate complex business and technology risks related to their third parties.
• Comply with delivery SLA's and provide periodic status updates including potential risks and delays to the project delivery to project manager.
• Perform validation of sub-controls with third parties as per the validation process set by Deloitte and generate the final report in English language.

• For the purposes of this job description, the scope of assessments is limited to English language only.

• Overall 3+ yrs of relevant experience in information security
• Working knowledge and understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
• Demonstrate knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk
• Demonstrate knowledge in one or more of the following cyber risk domains, including:
• Security Governance and Management
• Security Policies and Procedures
• Application Security Controls
• Access Controls
• Network Security Operations
• Security Architectures
• Identity Management
• Disaster Recovery & Business Continuity
• Incident Response
• Risk Management
• Privacy and Data Protection
• Encryption
• Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
• Excellent verbal and written communication skills
• Excellent inter-personal skills
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
• Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve

• CISSP/CISA (or equivalent)
• Experience with information security audit or assessments
• Good understanding of legal and regulatory requirements around information security and data privacy, such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.
• Prior consulting experience
• Experience with internal controls, risk assessments, business process, and internal IT control testing or operational auditing