Cybersecurity Contractor (Remote)

Hermitage, Tennessee, United States

Position Summary

Contractor  

Remote (preference for candidates located near Hermitage)


Work you'll do

We are seeking a Cybersecurity contractor to support Information Technology Services (ITS) Cyber Security, Risk & Compliance (CSRC) programs, with a primary focus on third-party security risk assessments. In this role, you will assess security, confidentiality/privacy, and operational risks associated with vendor solutions and ensure risks are managed in alignment with the organization’s Risk Management Program, applicable laws/regulations, and industry security standards. Security awareness and training activities will also be part of this position.

Key roles and responsibilities

  • Conduct information security assessments of third-party vendors to determine their ability to protect confidential data.
  • Enhance risk/vulnerability assessment programs and questionnaires to support identification and mitigation of security risks.
  • Identify and document information security vulnerabilities and risks in the technology environment.
  • Evaluate vulnerabilities and risks, partnering with business owners, risk management, and vendor representatives.
  • Define remediation tasks for identified vendor risks and vulnerabilities; negotiate remediation timelines.
  • Track remediation progress and provide clear reporting to stakeholders.
  • Monitor appropriate sources for newly identified vulnerabilities, evaluate risk to the organization, and advise management on mitigation actions.
  • Stay current on evolving security tools and techniques and research options that could improve protection of information and infrastructure.
  • Maintain expertise in identifying security risks across hardware, software, and systems used by the organization.
  • Participate in continuing education and professional development to remain current in cybersecurity.
  • Ensure identified risks are managed in accordance with the Risk Management program.

Qualifications

  • Experience performing third-party/vendor information security assessments (including evidence review and control evaluation).
  • Working knowledge of security, privacy, and operational risk concepts (confidentiality/privacy, resilience, and control effectiveness).
  • Familiarity with common standards/frameworks (e.g., NIST, ISO 27001, SOC 2) and ability to align vendor controls to requirements.
  • Strong communication skills—able to write clear findings, risk statements, and remediation plans for technical and business audiences.
  • Strong stakeholder management and follow-through to drive remediation to closure.

Preferred Qualifications

  • Current industry certification such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control), or similar.
  • Experience with RSA Archer, specifically the Vendor Management module.
  • US Citizen is preferred.

The expected pay range for this contract assignment is $50 - $55 per hour. The exact pay rate will vary based on skills, experience, and location and will be determined by the third-party whose employees provide services to Deloitte.

Candidates interested in applying for this opportunity must be geographically based in the United States and must be legally authorized to work in the United States without the need for employer sponsorship.

We do not accept agency resumes and are not responsible for any fees related to unsolicited resumes. 

Deloitte is not the employer for this role.

This work is contracted through a third-party whose employees provide services to Deloitte.

 

Expected Work Schedule

Approximate hours per week

About Deloitte

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It makes Deloitte one of the most rewarding places to work. 

As used in this posting, “Deloitte” means , a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

Requisition code: 325118