Your potential, unleashed.
The team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.
About the Role
This position plays a vital role in ensuring the effectiveness of controls across cybersecurity and IT domains. As a Control Testing Specialist, you will design, execute, and document comprehensive test plans to evaluate cybersecurity controls, ITGCs, and ITACs, ensuring alignment with cybersecurity frameworks.
Responsibilities
Cyber Control Testing Specialist
- Develop a thorough understanding of IT and cybersecurity control frameworks and regulations (e.g., NIST CSF, ISO 27001, CIS Controls, SOX).
- Participate in risk assessments to identify cybersecurity and IT control deficiencies and prioritize testing activities.
- Plan, design, and execute control testing procedures across cybersecurity domains such as (not limited to):
  - Identity and Access Management (IAM) and Privileged Access Management (PAM)
  - Network Security and Endpoint Protection
  - Vulnerability and Patch Management
  - Data Protection and Encryption Controls
  - Incident Response and Security Monitoring
  - Business Continuity and Disaster Recovery
  - Change and Configuration Management
  - Third-Party / Vendor Risk Management
- Independently design and execute test plans for ITGCs and ITACs, utilizing a variety of testing methodologies.
- Assess the effectiveness of controls through a combination of stakeholder interviews, evidence reviews, and automated testing methodologies.
- Perform complex test procedures using automated tools and manual techniques, documenting the results comprehensively.
- Analyze test findings, identify control weaknesses, and recommend remediation actions.
- Collaborate with IT and business process owners to address control deficiencies and implement corrective actions.
- Experience in performing vendor security reviews covering cybersecurity domains.
- Stay updated on emerging cybersecurity threats and control best practices.
Qualifications
- Bachelor's degree in Information Technology, Computer Science, or a related field (or equivalent experience).
- 1-7 years of experience in cybersecurity assessments, IT security, or a similar role with a focus on controls testing.
- Strong working knowledge of cybersecurity controls frameworks and IT control testing methodologies.
- Familiarity with tools like ServiceNow, Jira, or other GRC platforms.
- Experience in assessing and providing recommendations on the feasibility of automating manual control testing processes.
- Adaptability to manage a dynamic control population and evolving client needs.
- Excellent analytical and problem-solving skills.
- Strong communication, collaboration, and leadership skills.
Certifications (Good to have)
- CISA
- CISM
- CISSP
- ISO 27001: Certified Lead Auditor
Location and way of working
Base location: Bangalore
Professionals are required to work from office.
Your role as Deputy Manager:
We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.
In addition to living our purpose, Deputy Managers across our organization must strive to be:
- Inspiring - Leading with integrity to build inclusion and motivation
- Committed to creating purpose - Creating a sense of vision and purpose
- Agile - Achieving high-quality results through collaboration and team unity
- Skilled at building diverse capability - Developing diverse capabilities for the future
- Persuasive / Influencing - Persuading and influencing stakeholders
- Collaborating - Partnering to build new solutions
- Delivering value - Showing commercial acumen
- Committed to expanding business - Leveraging new business opportunities
- Analytical Acumen - Leveraging data to recommend impactful approaches and solutions through the power of analysis and visualization
- Effective communication - Must be well able to have well-structured and well-articulated conversations to achieve win-win possibilities
- Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s)
- Managing change - Responding to changing environment with resilience
- Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision
- Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems
- Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte
- Empathetic leadership and inclusivity - Creating a safe and thriving environment where everyone's valued for who they are, using empathy to understand others and adapt our behaviours and attitudes to become more inclusive