Requirements:

• Degree in computer science or equivalent;
• At least 3 years of experience in information security area, risk management;
• Familiarity with the ISO 27001:2013 family of standards, NIST, COBIT, ITIL;
• Experience in conducting information security audits is an advantage;
• Knowledge of administrative, technical/logical and physical information security controls;
• Knowledge of risk management frameworks;
• Knowledge of CVSS v.3 is an advantage;
• Proficiency in Microsoft Office;
• English – advanced level, both written and spoken;
• Comfortable with information technology, systems and data;
• Analytical skills and thoroughness;
• Good communication skills and service quality oriented;
• Sense of responsibility and willingness to learn new systems and processes.

• Support with Information Security Vendor Assessment processes;
• Managing and tracking exceptions from technology restrictions processes;
• Cooperation with IT Security team in terms of identification of potential Information Security risks;
• Analyzing vulnerability and penetration testing results and coordinating work with patch management teams for remediation;
• Identification of information security risks within the business and security processes;
• Support with the Internal and External Information Security audits, including but not limited to ISO27001 audits, Deloitte Global (DTTL) assessments, external 3rd party audits;
• Assessment of identified risks according to the approved risk assessment approach and Enterprise Risk Framework;
• Support with formulating the Risk Treatments Plans (including risk ownership assignment) aiming mitigation of identified risks;
• Ensuring timely implementation of agreed Risk Treatment Plans in cooperation with identified risk owners and support functions;
• Analyzing and assessing the information & cyber Security Risk landscape;
• Close Cooperation with Internal Audit Department;
• Coordinating with IT Operations and IT Security Operation teams in terms of monitoring and investigation of security breaches and other cyber security incidents;
• Research security enhancements and make recommendations to management in terms of information security enhancement;
• Support in conducting the risk assessment for new and existing systems and applications;
• Reporting on all identified risks and their mitigation statuses on a monthly basis.

• Remote/Hybrid mode;
• Interesting, full of challenges job in the international company;
• Work environment that supports knowledge sharing, personal development and networking;
• Internal and external trainings;
• Real opportunities for growth and promotion – clear and individual career paths;
• A range of benefits (Kafeteria, private health insurance, travel insurance , contribution to Multisport card and other benefits).

Deloitte Central Europe is among the region’s leading professional services firms, providing a wide range of world-class audit, consulting, financial advisory, risk management, tax and related services to select public and private clients spanning multiple industries through nearly 8,000 people in 41 offices in 18 countries. 

Information Technology Team is among the fastest growing ones in our firm and plays a crucial role in our operations. IT provides support to over 5 000 Deloitte Central Europe employees and driving innovation and automation onward throughout the firm. We work with modern technologies, applications, systems and infrastructure.