Information Security Risk Reporting Manager, Information Security Function, Enabling Functions
Work in an innovative and creative Information Security team: a world class operation with extensive knowledge and experience, interfacing with business and technical teams and bringing about change and influence across the whole of Deloitte. Apply your skills here to make things happen, alongside great people with a great purpose who are passionate about their work.
We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.
The Information Security Risk Reporting Manager will be responsible for:
- Working with the Information Security Risk, Assurance and Compliance team to ensure alignment with the enterprise risk management framework, define the UK risk profile and ensure correct implementation of key security controls across the production estate.
- Taking a key role in defining and implementing the information security operational assurance framework and risk assessment methodologies.
- Working with asset owners across the UK firm to identify high risk assets and establish an annual review schedule.
- Completing security assurance reviews of high risk assets in accordance with the annual review schedules.
- Supporting Service Lines and IT functions in conducting risk assessments affecting business processes and operational activities.
- Ensuring operational security risks are subject to formal risk governance.
- Managing all aspects of running the Information Security Risk Committee, using good quality KPIs and KRIs to govern and manage information security risks and to identify areas for continuous improvement and any non-compliances.
- Providing regular updates to the Information Security Leadership team regarding key risk indicators and the status of key operational security controls.
- Developing and maintaining risk assurance processes and procedures.
- Maintaining the accuracy of the risk register.
- Producing content to support submission of reporting papers to executive governance and risk committees.
- Liaising with risk functions across the information security team and 2nd line functions to support risk governance activities, process improvement initiatives and fulfilling internal and external reporting obligations.
- Working across the CISO function and other risk and control functions to support deployment of our security strategy.
- Analysing management and technical security controls to ensure that mandated security and compliance requirements are met through the verification of documented processes, procedures and standards.
- Managing diverse teams within an inclusive team culture where people are recognised for their contribution.
Your work, your choice
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.
Location: London, with an option to work from home when required
Work pattern: This is a permanent contract opportunity. The role can be worked on a full-time basis. Our team members work a variety of agile working patterns. Tell us what arrangement works for you and we’ll try to accommodate.
Your professional experience
- Degree in IT / computer science or information security.
- Solid experience in an information security risk assurance role.
- At least one industry certification (e.g. CISM, CRISC, CISA, CISSP).
- Strong report writing skills.
- Experience of external security accreditations, including ISO 27001 and Cyber Essentials, and of Information Security Management Systems.
- Experience of ISO 9001 based quality management systems.
- Strong knowledge and understanding of security metrics and reporting requirements, and of developing key performance and key risk indicators.
- Strong knowledge and understanding of security policy frameworks and control implementation.
- Strong knowledge of risk management methodologies and risk analysis.
- Strong risk governance experience, specifically in relation to the creation, maintenance and implementation of risk registers, and reporting to risk governance committees.
- Strong ability to develop and maintain security processes and procedures.
- Strong knowledge of GRC tools and platforms such as Archer.
Your service line: Enabling Functions
At Deloitte, we’re all about making an impact that matters, together. And nowhere is this more apparent than among our 2,000 strong Enabling Functions teams. With our combined specialist skills and business partnering expertise, we provide all the essential strategy, support and advice our client-facing colleagues need, right across the firm. This enables them to focus all of their efforts on delivering the best service possible to their clients. So not only will you be providing world-class support to our internal clients, you’ll be making an impact for all the hugely influential organisations Deloitte works with too. Covering all our distinct areas: Human Resources, Clients & Industries, Finance & Legal, Central Business Services, National Quality & Risk Management, Technology & Digital Services, and Real Estate, the opportunities here are vast. And what’s more, you can grow your career in whatever direction you choose. We’ll support you all the way.
Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.
Our Purpose & Strategy
To make an impact that matters for our clients, our people and society - defines who we are and what we stand for. Our purpose provides the foundation for our strategy and our aspiration to be the undisputed leader in professional services: this is not about size, it's about being the first choice. The first choice for the largest and most influential clients, and the first choice for the best talent.
What do we do?
Deloitte offers global integrated professional services that include Audit & Assurance, Consulting, Financial Advisory, Legal, Risk Advisory and Tax Consulting. Our approach combines intellectual leadership, industry expertise, insight, consulting and problem solving capabilities in every role, and technology revolutions and innovation from multiple disciplines, to help our clients excel anywhere in the world.
Beyond the UK: Deloitte North and South Europe
The UK is part of Deloitte North and South Europe (NSE), the second largest member firm in the Deloitte network. Deloitte NSE combines operations in Belgium, Central Mediterranean (Italy, Greece, Malta), Ireland, the Middle East (Bahrain, Cyprus, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Oman, Palestinian Ruled Territories, Qatar, Saudi Arabia, United Arab Emirates, Yemen), the Netherlands, the Nordics (Denmark, Finland, Iceland, Norway and Sweden), Switzerland and the UK. Deloitte NSE brings together 2,700 partners and over 50,000 people, combining our unmatched breadth and depth of capabilities in audit and assurance, consulting, financial advisory, risk advisory, and tax and legal across the region. Being part of Deloitte NSE supports our aspiration to be the undisputed leader in professional services and will create more opportunity and growth for our people.
What do we value?
What brings us all together at Deloitte? It’s how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for maximum impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most.
Being a Leader at Deloitte
Cultural fit and purpose-led leadership is crucial for Deloitte. Our leaders always set the example and inspire their colleagues. They make quality time for people and take an interest in them. They know what matters to people - both inside and outside work – and value them as individuals; always finding opportunities to develop them while showing respect and appreciation.
We expect colleagues at all levels to embrace and live our purpose and our leadership culture by challenging themselves to identify issues that are most important for our clients, our people, and for society and make an impact that matters. We know leadership comes in all shapes and sizes, but our Leadership Charter helps all of our people understand what we’re looking for:
- We live our purpose: we act as a role model, embracing and living our purpose and values, and recognising others for the impact they make.
- We develop talent: we develop high-performing people and teams through challenging and meaningful opportunities.
- We drive performance: we deliver exceptional client service; maximise results and drive high performance from people while fostering collaboration across businesses and borders.
- We believe positive influence can make an impact that matters: we influence clients, teams, and individuals positively, leading by example and establishing confident relationships with increasingly senior people.
- We move, together, towards a strategic direction: we understand key objectives for clients and Deloitte, aligning people to objectives and setting priorities and direction.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 1 New Street Square, London EC4A 3HQ, United Kingdom.
Deloitte LLP is the United Kingdom affiliate of Deloitte NSE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NSE LLP do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.
© 2020 Deloitte LLP. All rights reserved.
Requisition code: 180485