Compliance Manager, GTS Global Cybersecurity, Global, London

in London, England, United Kingdom
Permanent, Full time
Your opportunity
The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centres. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center.

The position reports to the Compliance Senior Manager. The role should meet the objectives and mission of the Cybersecurity organization with a primary focus on leading the team responsible for managing the compliance process focused on providing assurance that cybersecurity controls are operating effectively across Deloitte Global and Member firms.

Are you looking to return to the workplace after an extended career break?
For this role we can offer coaching and support designed for returners to refresh your knowledge and skills, and help your transition back into the workplace after a career break of 2 years or more. If this is relevant for you, just let your recruiter know when you make your application.

Your role
Specific responsibilities:
  • Execute cybersecurity controls testing across the Deloitte network to determine control effectiveness and adherence to both internal cybersecurity policies and standards and external requirements (e.g. certifications, laws, regulations and contracts)
  • Assess and monitor the effectiveness of the compliance assessment process in accordance with agreed metrics and performance measures
  • Maintain the Integrated Controls Library (ICL) as agreed with other team members and relevant governance bodies
  • Extract controls from new standard statements to provide detailed compliance criteria

  • Support and execute the compliance processes using the compliance tool (ServiceNow GRC)
  • Respond to Member Firm and DTTL queries regarding compliance processes, roles and responsibilities, and relevant features and functionality within the ServiceNow GRC tool
  • Review and validate Member Firm and DTTL responses to compliance assessments, including evidence provided to demonstrate effectiveness of controls, requesting additional information where required (ServiceNow GRC)
  • Conduct deep dive assessments to verify and test the effectiveness of specific Member Firm and DTTL controls, in agreement with other team members, and provide constructive recommendations, findings and observations where required
  • Review and validate Member Firm and DTTL action plans, providing constructive recommendations and feedback to ensure that identified issues are remediated in a timely manner
  • Respond to and investigate alerts generated by the ServiceNow GRC tool, raising issues and working with Member Firms and other stakeholders to define action plans as necessary
  • Track and monitor implementation of action plans to ensure remediation of identified issues
  • Identify what is needed to validate that remediation has been successful
  • Provide reporting on Member Firm and DTTL compliance using the ServiceNow GRC tool, and generate specific compliance reports for Member Firms and DTTL

Relationship Management
  • Develop and maintain relationships with cybersecurity, technology, legal, and risk leaders within DTTL and its member firms
  • Provide advice and support to Member Firms and DTTL as required to ensure compliance processes, roles and responsibilities and the features and functionality in the ServiceNow GRC tool are understood
  • Provide advice and support to Member Firms and DTTL Service Teams to define and implement action plans to remediate identified issues

Your work, your choice
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.

You will be based at our London office, with an option of working from home one day a week.

Work pattern:
This is a permanent contract opportunity. The role can be worked on a full-time basis. Our team members work a variety of agile working patterns. Tell us what arrangement works for you and we'll try to accommodate.

Your professional experience

  • Ability to travel as needed up to 20%
  • Bachelor's degree: degree in business administration, a technology-related field, or equivalent education-related experience
  • Combined experience in the Information Security / Cybersecurity domain ideally with a focus on governance, risk and compliance
  • Experience working on a team responsible for cybersecurity compliance management, audit or assurance
  • Experience assessing and managing compliance against agreed standards at the level of individual security controls (administrative, technical / logical, physical)
  • Experience managing and supporting compliance relationships, providing constructive recommendations and advice where required to ensure a collaborative compliance relationship
  • Professional security management certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), ISO27001 Lead Auditor or other similar credentials
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security topics and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
  • Broad technical and nontechnical understanding encompassing the design, implementation and operation of administrative, technical / logical and physical security controls across systems, infrastructure and applications
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
  • Experience interacting, presenting and working with senior management
  • Experience with ServiceNow GRC, Archer or equivalent GRC tools is strongly desirable.

Your service line: Deloitte Global
Across disciplines and across borders, Deloitte Global supports our network of member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Deloitte Global professionals make an impact that matters to the world of Deloitte. We share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

Personal independence
Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.

About Deloitte

Our Purpose & Strategy
To make an impact that matters for our clients, our people and society - defines who we are and what we stand for. Our purpose provides the foundation for our strategy and our aspiration to be the undisputed leader in professional services: this is not about size, it's about being the first choice. The first choice for the largest and most influential clients, and the first choice for the best talent.

What do we do?
Deloitte offers global integrated professional services that include Audit & Assurance, Consulting, Financial Advisory, Legal, Risk Advisory and Tax Consulting. Our approach combines intellectual leadership, industrial expertise, insight, consulting & problem solving capabilities whatever the role, technology revolutions and innovation from multiple disciplines to help our clients excel anywhere in the world.

Beyond the UK: Deloitte North and South Europe
The UK is part of Deloitte North and South Europe (NSE), the second largest member firm in the Deloitte network. Deloitte NSE combines operations in Belgium, Greece, Ireland, Italy, Malta, the Netherlands, the Nordics (Denmark, Finland, Iceland, Norway and Sweden), Switzerland and the UK. Deloitte NSE brings together 2,500 partners and over 40,000 people, combining our unmatched breadth and depth of capabilities in audit and assurance, consulting, financial advisory, risk advisory, and tax and legal across the region. Being part of Deloitte NSE supports our aspiration to be the undisputed leader in professional services and will create more opportunity and growth for our people.

What do we value?
What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for maximum impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most.

Being a Leader at Deloitte
Cultural fit and purpose-led leadership are crucial for Deloitte. Our leaders always set the example and inspire their colleagues. They make quality time for people and take an interest in them. They know what matters to people - both inside and outside work - and value them as individuals, always finding opportunities to develop them while showing respect and appreciation.
We expect colleagues at all levels to embrace and live our purpose and our leadership culture by challenging themselves to identify issues that are most important for our clients, our people, and for society and make an impact that matters. We know leadership comes in all shapes and sizes, but our Leadership Charter helps all of our people understand what we're looking for:

  • We live our purpose: we act as a role model, embracing and living our purpose and values, and recognising others for the impact they make
  • We develop talent: we develop high-performing people and teams through challenging and meaningful opportunities
  • We drive performance: we deliver exceptional client service; maximise results and drive high performance from people while fostering collaboration across businesses and borders
  • We believe positive influence can make an impact that matters: we influence clients, teams, and individuals positively, leading by example and establishing confident relationships with increasingly senior people
  • We move, together, towards a strategic direction: we understand key objectives for clients and Deloitte, aligning people to objectives and setting priorities and direction.



Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 1 New Street Square, London EC4A 3HQ, United Kingdom.
Deloitte LLP is the United Kingdom affiliate of Deloitte NSE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NSE LLP do not provide services to clients. Please see to learn more about our global network of member firms.

© 2019 Deloitte LLP. All rights reserved.

Requisition code: 175899
