Cybersecurity Project Assurance Manager

Job Title: Cybersecurity Project Assurance Manager (contract) Location: London Hybrid. Travel to the London office 2 days a week Duration: 12 months Contract Start Date: August 2025 Deloitte Working with the Deloitte Associate (Contractor) Programme means we can offer you the opportunity to work on a variation of industry and client related projects. Our aim is to retain the best talent and so when your project end date nears our team of Talent Community Advisors will be working with you to look at alternative projects within the firm that suit your experience should you wish to continue with Deloitte.

The Role We are looking for an experienced Cybersecurity Project Assurance Manager to work in the innovative and creative CISO team at Deloitte. A world class operation with extensive knowledge and experience. Interfacing with business and technical teams and bringing about change and influence across the whole world of Deloitte. You will be part of a great team that are passionate about our work in serving a great purpose.

Your professional experience Cybersecurity experience with a strong understanding of information security principles, including confidentiality, integrity, and availability. Demonstrable understanding of Cybersecurity risk and controls inherent in various technologies, and related best practices. This includes OWASP Top 10 and vulnerability management. Have strong knowledge in cybersecurity frameworks and standards like ISO 27001, NIST, COBIT, and Cyber Essentials+. Experience with risk management methodologies, techniques and clearly understand and articulate risk. Identify risks associated with business processes, operations and the roll out of technology projects. An understanding of project management to manage security aspects within a project timeline and budget. Knowledge and understanding of cybersecurity technologies - mobile threat defense, endpoint protection, data loss prevention, insider threat protection, device hardening, classification, key and certificate management. Excellent communication and stakeholder management abilities. Provide consulting and advisory to the business Experience of working in a fast-paced, deadline driven environment. Work with changing priorities and multiple projects. Have a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.

Desirable Relevant certifications like Certified Information Systems Security Professional ( CISSP ), Certified Information Security Manager ( CISM ) or Certified in Risk and Information Systems Control ( CRISC ) or similar. Experience in assessing Technology Assets for adherence to security requirements. An understanding of service management and delivery Deliverables: Responsibilities but not limited to: Assess that Cybersecurity is embedded throughout the development lifecycle of Technology Assets. Use Deloitte’s Secure System Development Lifecyle ( SSDLC ) to assure paths to production. Oversee security testing activities like vulnerability scanning, penetration testing and code reviews. Identify weaknesses and potential exploits on the identified security requirements. Identify potential information security risks within a project, analyse their impact and develop mitigation strategies to address vulnerabilities. These risk assessments will be presented to risk owners who are either Director or Partner level. Ensure the project adheres to Deloitte’s Cybersecurity capability framework , relevant information security regulations and industry standards. E.g. GDPR, EU AI Act, ISO 27001, NIST Cybersecurity Framework, and Cyber Essentials +. Communicate security awareness, concerns, and requirements to project stakeholders, including developers, project managers, and business leaders, to ensure alignment and buy-in. Maintain documentation related to security assessments, risks, mitigation plans, and compliance status, providing regular reports to relevant stakeholders across waterfall and iterative deployment methodologies. Enable the business by being a trusted partner . Work with Business Relationship Managers, Business Advisers and Programme Managers to provide advice and guidance on Project Demand initiatives so that speed to market is both prioritised and secured. Work with local and Global compliance teams to ensure that secure development practices across the business align to good practice, are audit ready and practical.

IR35 As a means of managing tax, commercial and reputational risks, Deloitte prohibits the use of Associates through Personal Service Companies (‘PSCs’). All Associates must contract under PAYE arrangements through a Deloitte approved ‘Employment Company’ (aka ‘umbrella company.’)