Contract Cybersecurity Project Assurance Manager

London, ENG, GB, United Kingdom

Job Description

Basic information

Location: London

Business Line: Enabling Functions

Job Type: Contract

Date published: 01-Aug-2025

Req #: 19919

Job description

Job Title: Cybersecurity Project Assurance Manager (contract)

Location: London Hybrid. Travel to the London office 2 days a week

Duration: 12 months

Contract Start Date: August 2025

Deloitte




Working with the Deloitte Associate (Contractor) Programme means we can offer you the opportunity to work on a variety of industry and client-related projects. Our aim is to retain the best talent, so when your project end date nears, our team of Talent Community Advisors will work with you to look at alternative projects within the firm that suit your experience, should you wish to continue with Deloitte.

The Role




We are looking for an experienced Cybersecurity Project Assurance Manager to work in the innovative and creative CISO team at Deloitte, a world-class operation with extensive knowledge and experience. You will interface with business and technical teams, bringing about change and influence across the whole world of Deloitte. You will be part of a great team that is passionate about its work in serving a great purpose.

Your professional experience



  • Cybersecurity experience with a strong understanding of information security principles, including confidentiality, integrity, and availability.
  • Demonstrable understanding of cybersecurity risk and controls inherent in various technologies, and related best practices. This includes OWASP Top 10 and vulnerability management.
  • Strong knowledge of cybersecurity frameworks and standards like ISO 27001, NIST, COBIT, and Cyber Essentials+.
  • Experience with risk management methodologies and techniques, and the ability to clearly understand and articulate risk. Identify risks associated with business processes, operations and the roll out of technology projects.
  • An understanding of project management to manage security aspects within a project timeline and budget.
  • Knowledge and understanding of cybersecurity technologies: mobile threat defense, endpoint protection, data loss prevention, insider threat protection, device hardening, classification, key and certificate management.
  • Excellent communication and stakeholder management abilities. Provide consulting and advisory to the business.
  • Experience of working in a fast-paced, deadline-driven environment. Work with changing priorities and multiple projects.
  • A variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.

Desirable



  • Relevant certifications like Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) or similar.
  • Experience in assessing Technology Assets for adherence to security requirements.
  • An understanding of service management and delivery.

Deliverables: responsibilities include, but are not limited to:



  • Assess that Cybersecurity is embedded throughout the development lifecycle of Technology Assets.
  • Use Deloitte's Secure System Development Lifecycle (SSDLC) to assure paths to production.
  • Oversee security testing activities like vulnerability scanning, penetration testing and code reviews. Identify weaknesses and potential exploits on the identified security requirements.
  • Identify potential information security risks within a project, analyse their impact and develop mitigation strategies to address vulnerabilities. These risk assessments will be presented to risk owners who are either Director or Partner level.
  • Ensure the project adheres to Deloitte's Cybersecurity capability framework, relevant information security regulations and industry standards, e.g. GDPR, EU AI Act, ISO 27001, NIST Cybersecurity Framework, and Cyber Essentials+.
  • Communicate security awareness, concerns, and requirements to project stakeholders, including developers, project managers, and business leaders, to ensure alignment and buy-in.
  • Maintain documentation related to security assessments, risks, mitigation plans, and compliance status, providing regular reports to relevant stakeholders across waterfall and iterative deployment methodologies.
  • Enable the business by being a trusted partner. Work with Business Relationship Managers, Business Advisers and Programme Managers to provide advice and guidance on Project Demand initiatives so that speed to market is both prioritised and secured.
  • Work with local and Global compliance teams to ensure that secure development practices across the business align to good practice, are audit ready and practical.

IR35




As a means of managing tax, commercial and reputational risks, Deloitte prohibits the use of Associates through Personal Service Companies ('PSCs'). All Associates must contract under PAYE arrangements through a Deloitte approved 'Employment Company' (aka 'umbrella company.')



Job Detail

  • Job Id: JD3485030
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: London, ENG, GB, United Kingdom
  • Education: Not mentioned