Assistant Manager, Second Line Cyber & Technology Risk, Enabling Functions

Are you interested in cyber security, the threat landscape, and keeping pace with the speed of technology change? Do you have a naturally inquisitive mind? Do you enjoy working through complex and technical challenges?

If so, we are seeking an Assistant Manager to join our Cyber and Technology Risk team within Deloitte Business Security (DBS), who are part of the Deloitte Quality, Risk and Security (QRS) community.

Within QRS, we use our skills and experience across a variety of disciplines to support a risk intelligent culture at Deloitte - enabling our Partners and practitioners to deliver high quality services to their clients, and acting as custodians of firm risk, security, ethics, and reputation.

• Our Cyber Risk and Technology team forms part of the second line of cyber security defense for Deloitte itself. This is an internal, not a client facing role. Our team purpose is to manage the complex cyber risks Deloitte faces daily. Working closely with colleagues across our first line of defense, IT and Business you’ll be able to make an impact that matters and drive positive security change and enhance the security posture of our firm.
• You’ll be working alongside a supportive team in DBS who care about doing the right thing and protecting the confidentiality, privacy and security of Deloitte’s people, buildings, assets and data.
• You will be supported to develop your technical and personal skillset through peer support, development plans, mentorship, coaching and access to extensive training resources.
• We understand the importance of personal well-being and offer flexible working arrangements to support your individual needs.

Connect to your opportunity

Our Cyber and Technology Risk team has a catalogue of second line security services we provide which range from consultancy on large firm-wide projects, governance, assurance and cyber risk management to information protection, cyber incident support, and third-party risk management. We are looking for an assistant manager to support and enhance the existing team, help us assess risks to the firm, deliver our second line assurance program and support our management of third-party cyber risks. The cyber risk landscape changes constantly and we support a large and varied business that is constantly evolving and growing. No two days are ever quite the same here and your role will grow and evolve over time. Your opportunity will include...

• Learning – Gain knowledge of the 3 line of defense model, our second line Cyber Risk services and support awareness, consultancy, and delivery of the services across the business. You’ll also spend time on personal development and technology and risk learning and have the opportunity to drive and take charge of your career at Deloitte.
• Risk and Security – Contribute to delivering our multi-year control assurance plan to enhance our security posture, and working across our wider service catalogue as needed. Provide cyber risk consultancy to the wider business on cyber risk, technology risk, legal and regulatory requirements and third party risk, guiding secure practices across Deloitte.
• People - Build and maintain relationships across our department and firm, grow your internal network identifying and proactively managing and supporting key stakeholder relationships across our IT function, first and third lines of defense and key business stakeholders.
• Research - Keep up with the cyber threat landscape, and new and emerging technologies in use in the market and within our business, share that information and knowledge across the team and use it to help spot emerging cyber risk.
• Culture of inclusion - join a diverse and supportive team where collaboration is fundamental, and your contributions are valued.

Connect to your skills and professional experience

• You’re a natural at taking initiative, inquisitive and keen to learn about new technologies and security, questioning of the status quo and understand the challenges a firm our size may face in these areas.
• You’re good at problem solving, understanding that there isn’t always a simple or perfect answer to every challenge but can empathise with others, take a pragmatic and risk-based view to enable our business to overcome challenges and deliver secure services.
• You’re able to keep a positive attitude, maintain a high ethical standard and able to adapt to changing priorities. You’re able to spot opportunities to help or share knowledge with others in the team, can manage your time and workload, proactively asking for support where needed – we succeed as a team when you succeed in your role.
• A demonstrable passion for cyber risk, security assurance, technology and a desire to continuously learn and grow.
• Critical thinking – able to use tools or systematic approaches to gather information from multiple sources, drawing upon assurance experience and use it to make evidence-based assessments and informed decisions.
• Some technical background or work experience in IT, project management, cyber security or cyber risk – ideally with knowledge of some (not all) of the following – Windows 11, MacOS, Office 365, hybrid environments.
• The ability to effectively communicate business and technical risk to varied audiences and understand technology, systems, and applications from both a business and technical function perspective. We have diverse and global teams that we work alongside and collaborating with them is critical to our shared success.
• Knowledge of either ISO27001/Cyber Essentials/CAF frameworks.
• Ability to research and understand new technologies and/or cyber threats and bring that information back to the rest of the team to support knowledge sharing and upskilling.
• Knowledge of the 3 lines of defence security model, NIS2, DORA, data privacy concepts.
• Knowledge of any of the following - Amazon AWS, Microsoft Azure, cloud security/technologies, Linux, Jira technologies, Generative AI, DLP technologies.
• Project Management, third party risk management or IT support/delivery.
• Government & Public Sector experience.
• Industry qualifications or knowledge of principles within (e.g. ISC2 CC – Certified in Cyber Security, CISM, CISA, CRISC, ISO lead auditor or equivalent).

Our hybrid working policy

You’ll be based in Cardiff with hybrid working.

At Deloitte we understand the importance of balancing your career alongside your home life. That’s why we’ll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you’ll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You’ll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role.

Our commitment to you

Making an impact is more than just what we do: it’s why we’re here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.

We want you. The true you. Your own strengths, perspective and personality. So we’re nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we’ll take your wellbeing seriously, too. Because it’s only when you’re comfortable and at your best that you can make the kind of impact you, and we, live for.

Your expertise is our capability, so we’ll make sure it never stops growing. Whether it’s from the complex work you do, or the people you collaborate with, you’ll learn every day. Through world-class development, you’ll gain invaluable technical and personal skills. Whatever your level, you’ll learn how to lead.

Connect to your next step

A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you’ll experience a purpose you can believe in and an impact you can see. You’ll be free to bring your true self to work every day. And you’ll never stop growing, whatever your level.

Discover more reasons to connect with us, our people and purpose-driven culture at deloitte.co.uk/careers