Connect to your career at Deloitte.
Deloitte, established globally in 1845, is the world’s largest and leading professional services firm, providing audit and assurance, tax, consulting, financial advisory, and risk advisory services to public and private clients spanning multiple industries. We are present in more than 150 countries, and as the world's largest management consulting business, Deloitte is distinct in its ability to help clients solve their most complex problems, from strategy to implementation.
Deloitte innovation hub (DIH) is a strategic initiative/priority established by Deloitte North & South Europe (NSE) to support our ambition to become the leading business transformation partner of choice for our clients and to expand and scale our delivery footprint across EMEA. With access to a scaled, diverse, highly skilled, motivated, and engaged workforce, DIH is delivering complex technical solutions for clients’ most complex business problems, across Portfolios that include ‘Strategy & Transactions’, ‘Customer’, ‘Engineering, AI & Data, ‘Enterprise, Technology & Performance’ and ‘Cyber’. DIH is aiming to become the destination for top talents in Egypt for a long, exciting career.
We invest in outstanding people of diverse talents and backgrounds and empower them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we. Our organization has grown in scale and diversity, providing services across the region, with our shared culture remaining the same. We aim to help clients realize their ambitions, make a positive difference in society, and maximize the success of our people. This drive fuels the commitment and humanity that run deep through our every action.
Connect to your opportunity
As a Third-Party Cyber Risk Management, you can expect to be involved in the following:
Responsibilities

• Conduct cybersecurity and data privacy controls assessments on Third Parties and vendors in line with industry, regional and international best standards and regulations e.g. NIST CSF,ISO 27001, UAE-NESA and Information Security Regulation (ISR), GDPR and UAE PDPL.
• Coordinate scheduling, evidence collection and responses with third party point of contact Collect and review control evidence and analyze third party information and data.
• Review independent assurance reports and certifications (e.g. SOC1&2, ISO27001).
• Support contract reviews and negotiations over cybersecurity requirements and clauses by working closely with procurement and legal teams.
• Perform risk assessments and evaluate inherent and residual cybersecurity risks. Analyze the likelihood and potential impact of identified risks using qualitative and quantitative methods.
• Determine adequate treatment plans for identified risks and control gaps, detailing findings, recommendations, and mitigation strategies.
• Develop action plans and timelines for implementing risk controls and track remediation plans to reduce identified risks and close control
• Collaborate with stakeholders and relevant business departments to implement risk mitigation plans and actions.
• Maintain and monitor a third-party cybersecurity risk register for the whole organization.
• Monitor and support in remediation activities and work with the third party to ensure findings are being remediated appropriately. Ensure all third-party cybersecurity risk management processes and SOPs are being adopted.
• Ensure all technology integrations for the cybersecurity third party program are working effectively and technical issues are identified and resolved with respective technical teams.
• Track key performance and risk indicators (KPIs, KRIs) to measure program performance and risk reduction over time.
• Manage risk assessment tools and GRC solutions to support third party cybersecurity controls and risk assessments, as well as calculate risk levels and prioritize areas of concerns.
• Administer and maintain technology platform and solutions utilized to perform third party cybersecurity and data privacy assessments.
• Prepare and maintain documentation, including policies, procedures, standards, and guidelines that support the third-party cyber risk management framework.
• Develop third party cybersecurity risk reports and dashboards using tools such as Power BI.
• Communicate and present findings to stakeholders, management, and regulatory bodies as required.
• Liaise with key departments (e.g. Procurement, Legal, HR, operations) to address specific cybersecurity third party risk matters.
• Conduct root cause analysis for identified cybersecurity incidents relating to third parties and work with threat and incident response teams to evaluate risks and prevent future occurrences.
• Develop and deliver training materials to educate employees and business stakeholders on identifying and managing third party risks.
• Research and integrate best practices for risk management within the industry and implement it in day-to-day operations to ensure continuous improvement.

Connect to your skills and professional experience
To succeed in this role, you will need to match the following criteria:

• Bachelor’s degree in computer science, Information Security, or a related field
• Minimum of Seven years of related experience.
• Strong technical knowledge of cybersecurity domains (Governance, Compliance, Risk Management, Identity and Access Management, Data Security, Cryptography, Network Security, Cloud Security, Endpoint Security, Business Continuity Management, Operational Technology, Data Lifecycle Management etc)
• Strong technical knowledge of third-party cybersecurity risk management frameworks, IT governance frameworks, regulatory requirements, and best practices.
• Strong technical experience conducting and managing third party cybersecurity assessments.
• Hands-on experience with security frameworks such as ISO 27001, PCI, NCA, SAMA CSF, NIST, etc.
• Knowledge of relevant laws and regulations such as NESA ISR, UAE PDPL, GDPR, HIPAA, SOX, etc.

Preferred Certifications:

• Relevant certifications such as CISA, CRISC, CGRC, CISSP, CISM, or other equivalent certificates are highly desirable.

The following attributes are essential:

• A willingness to work as part of a diverse team.
• A commitment to continuous improvement and lifelong learning.
• A passion for technology and a drive to deliver s
• An ability to remain calm under pressure whilst continuing to pay attention to detail.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal abilities.
• Ability to work effectively in a fast-paced and dynamic environment.
• Proactive and self-motivated with a keen attention to detail.

Connect to your service line – Technology & Transformation

Distinctive thinking, deep expertise, and collaborative working. That’s what connects us. That’s what makes us Deloitte. If you want to help solve some of the biggest challenges around, join us. Together, we’ll make an impact that matters.
Connect to your agile working options
Location: Cairo, Egypt
Your Work, Your Way: We call our hybrid working vision Deloitte Works. And it does. We trust you to make the right choices around where, when and how you work. You’ll be able to make decisions about how you work best, to be collaborative, learn from colleagues, share your experiences, build the relationships that will fuel your career and prioritise your wellbeing. Having great conversations with your team and your leadership paves the way for great collaborative ways of working.

Our commitment to you
Making an impact is more than just what we do: it’s why we’re here. So, we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.
We want you. The true you. Your own strengths, perspective, and personality. So, we’re nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we’ll take your wellbeing seriously, too. Because it’s only when you’re comfortable and at your best that you can make the kind of impact you, and we, live for.
Your expertise is our capability, so we’ll make sure it never stops growing. Whether it’s from the complex work you do, or the people you collaborate with, you’ll learn every day. Through world-class development, you’ll gain invaluable technical and personal skills. Whatever your level, you’ll learn how to lead.
Connect to your next step
A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you’ll experience a purpose you can believe in and an impact you can see. You’ll be free to bring your true self to work every day. And you’ll never stop growing, whatever your level.