Manager, Information Security Risk and Compliance - Open to flexible working

Various UK Locations - see advert
23 Jun 2022
23 Jul 2022

Manager, Information Security Risk and Compliance, Enabling Functions, UK

Your opportunity

To work in an innovative and creative Information Security team: a world-class operation with extensive knowledge and experience, interfacing with business and technical teams and bringing about change and influence across the whole world of Deloitte. Apply your skills here to make things happen, with great people, a great purpose and a passion for our work.

Your role

The Information Security Compliance Manager will be responsible for managing Deloitte UK’s compliance status against the firm’s policies and standards and its legal and regulatory obligations. In carrying out these functions the IS Compliance Manager’s responsibilities will include the identification, evaluation and interpretation of all applicable regulatory, statutory and member firm specific information and cyber security requirements, control deficiencies and associated information security risks.

Specific Responsibilities

  • Work across the CISO function and other risk and control functions to support deployment of our security strategy.
  • Analyse management and technical security controls to ensure that mandated security and compliance requirements are met through the verification of documented processes, procedures and standards.
  • Track organisational compliance against our Member Firm Standards for security and mandated security frameworks and policy requirements.
  • Develop and monitor key security controls, identifying reportable key performance and key risk indicators, to track compliance with mandated policies and standards and report on security risk exposures.
  • Support ongoing maintenance of the firm’s ISO 27001 and Cyber Essentials certifications.
  • Maintain security control frameworks used to support security assurance activities.
  • Ensure alignment with the firm’s cyber strategy framework.
  • Liaise with Global security teams to keep abreast of new initiatives and changes to policies and standards.
  • Assist with internal and external audit requests for the purposes of reporting on the status of key security controls.
  • Manage policy exception requests and liaise with teams to complete supporting risk assessments.
  • Produce management reporting, including metric dashboards summarising KPIs and KRIs, for submission to the firm’s security governance and risk committees.
  • Liaise with the firm’s risk and compliance teams to ensure security reporting is aligned and consistent.
  • Establish and maintain the quality management system to oversee the creation, publication and storage of all security processes and supporting documentation repositories.

Your work, your choice

In the CISO team we are results focused and believe in excellence and respect in all aspects of our work and interaction with each other. We make full use of technologies that help support different ways of working. At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk.

We, therefore, carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. If you would like to hear more about our flexible working arrangements, please let us know.

Location: UK, occasional travel to London office (Aberdeen, Birmingham, Bristol, Cambridge, Cardiff, Edinburgh, Gatwick, Glasgow, Ipswich, Leeds, Liverpool, London, Manchester, Newcastle, Nottingham, Port Talbot, Reading, Southampton, St Albans, Teesside).

Work pattern: Our team members work a variety of agile working patterns. Tell us what arrangement works for you and we’ll try to accommodate.

Your professional experience

  • Degree in IT / computer science or information security (or equivalent).
  • At least one industry certification (e.g. CISM, CRISC, CISA, CISSP) (or equivalent).
  • Strong report writing skills.
  • Experience of external security accreditations, including ISO 27001, Cyber Essentials and Information Security Management Systems.
  • Experience of Information Security Management Systems and ISO 9001 based quality management systems.
  • Strong knowledge and understanding of security metrics and reporting requirements, and of developing key performance and key risk indicators.
  • Strong knowledge and understanding of security policy frameworks and control implementation.
  • Strong knowledge of risk management methodologies and risk analysis.
  • Strong ability to develop and maintain security processes and procedures.
  • Strong knowledge of GRC tools and platforms such as Archer.

Your service line: Enabling Functions

At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all of their efforts on delivering the best service possible to their clients. Covering seven distinct areas: Human Resources, Clients & Industries, Finance & Legal, Practice Support Services, Quality & Risk Services, IT Services, and Workplace Services & Real Estate, together we live, breathe and deliver the Deloitte experience.

Personal independence

Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.

About Deloitte

Our Purpose & Strategy

"To make an impact that matters for our clients, our people and society" defines who we are and what we stand for. Our purpose provides the foundation for our strategy and our aspiration to be the undisputed leader in professional services: this is not about size, it's about being the first choice. The first choice for the largest and most influential clients, and the first choice for the best talent.

What do we do?

Deloitte offers global integrated professional services that include Audit & Assurance, Consulting, Financial Advisory, Legal, Risk Advisory and Tax Consulting. Our approach combines intellectual leadership, industry expertise, insight, consulting and problem-solving capabilities, whatever the role, with technology revolutions and innovation from multiple disciplines to help our clients excel anywhere in the world.

Beyond the UK: Deloitte North and South Europe

The UK is part of Deloitte North and South Europe (NSE), the second largest member firm in the Deloitte network. Deloitte NSE combines operations in Belgium, Central Mediterranean (Italy, Greece, Malta), Ireland, the Middle East (Bahrain, Cyprus, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Oman, Palestinian Ruled Territories, Qatar, Saudi Arabia, United Arab Emirates, Yemen), the Netherlands, the Nordics (Denmark, Finland, Iceland, Norway and Sweden), Switzerland and the UK. Deloitte NSE brings together 2,700 partners and over 50,000 people, combining our unmatched breadth and depth of capabilities in audit and assurance, consulting, financial advisory, risk advisory, and tax and legal across the region. Being part of Deloitte NSE supports our aspiration to be the undisputed leader in professional services and will create more opportunity and growth for our people.

What do we value?

What brings us all together at Deloitte? It’s how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for maximum impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most.

Being a Leader at Deloitte

Cultural fit and purpose-led leadership are crucial for Deloitte. Our leaders always set the example and inspire their colleagues. They make quality time for people and take an interest in them. They know what matters to people, both inside and outside work, and value them as individuals, always finding opportunities to develop them while showing respect and appreciation.
