Your opportunity
To work in an innovative and creative Information Security team: a world-class operation with extensive knowledge and experience, interfacing with business and technical teams and bringing about change and influence across the whole world of Deloitte. Apply your skills here to make things happen, with great people, a great purpose and a team passionate about its work. We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss it with us.
Are you looking to return to the workplace after an extended career break? For this role we can offer coaching and support designed for returners to refresh your knowledge and skills, and help your transition back into the workplace after a career break of 2 years or more. If this is relevant for you, just let your recruiter know when you make your application.
Your role
The Information Security Compliance Manager will be responsible for managing Deloitte UK’s compliance status against the firm’s policies and standards and its legal and regulatory obligations. In carrying out these functions the IS Compliance Manager’s responsibilities will include the identification, evaluation and interpretation of all applicable regulatory, statutory and member firm specific information and cyber security requirements, control deficiencies and associated information security risks.
Responsibilities include:
• Work across the CISO function and other risk and control functions to support deployment of our security strategy.
• Analyse management and technical security controls to ensure that mandated security and compliance requirements are met through the verification of documented processes, procedures and standards.
• Track organisational compliance against our Member Firm Standards for security and mandated security frameworks and policy requirements.
• Develop and monitor key security controls, identifying reportable key performance and key risk indicators, to track compliance with mandated policies and standards and report on security risk exposures.
• Support ongoing maintenance of the firm’s ISO 27001 and Cyber Essentials certifications.
• Maintain security control frameworks used to support security assurance activities.
• Ensure alignment with the firm’s cyber strategy framework.
• Liaise with Global security teams to keep abreast of new initiatives and changes to policies and standards.
• Assist with internal and external audit requests for the purposes of reporting on the status of key security controls.
• Manage policy exception requests and liaise with teams to complete supporting risk assessments.
• Produce management reporting, including metric dashboards summarising KPIs and KRIs, for submission to the firm’s security governance and risk committees.
• Liaise with the firm’s risk and compliance teams to ensure security reporting is aligned and consistent.
• Establish and maintain the quality management system to oversee the creation, publication and storage of all security processes and supporting documentation repositories.
• Manage a diverse team within an inclusive team culture where people are recognised for their contribution.
Your work, your choice
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.
Work pattern: This is a permanent contract opportunity. The role can be worked on a full-time basis.
Your professional experience
• Degree in IT / computer science or information security.
• Minimum 5 years in an information security compliance role.
• At least one industry certification (e.g. CISM, CRISC, CISA, CISSP).
• Strong report writing skills.
• Experience of external security accreditations including ISO 27001 and Cyber Essentials and Information Security Management Systems.
• Experience of Information Security Management Systems and ISO 9001 based quality management systems.
• Strong knowledge and understanding of security metrics and reporting requirements, and developing key performance and key risk indicators.
• Strong knowledge and understanding of security policy frameworks and control implementation.
• Strong knowledge of risk management methodologies and risk analysis.
• Strong ability to develop and maintain security processes and procedures.
• Strong knowledge of GRC tools and platforms such as Archer.
(For a full Job Description, visit the Deloitte careers website)