Cyber Risk & Exceptions Management Analyst

@ Deloitte

Our Purpose

At Deloitte, our purpose is to make an impact that matters by inspiring and helping people, organizations, and communities thrive. As Canada’s largest 100% Canadian-owned professional services firm, we drive positive change and build a better future.

What Will Your Typical Day Look Like?

The Cyber Risk & Exceptions Management Analyst is responsible for managing cyber risks and exceptions. Key operational duties include governance of the Deloitte Technology Cyber Risk Register, maintaining the Cyber Risk Framework, facilitating risk reviews, analyzing exceptions, and producing detailed reports. Relationship management includes collaborating with cross-functional teams and advising on information security policies and standards.

Qualifications & Requirements

Candidates should have a bachelor’s degree in a technology-related field or equivalent experience. Experience in cybersecurity risk management, governance, and using GRC tools is essential. Familiarity with security standards such as ISO 27001, SOC 2, and NIST is required. Strong analytical, problem-solving, and communication skills are a must. Relevant certifications (CISSP, CISM, CRISC) are preferred.

Total Rewards

This permanent hybrid role offers a competitive salary, bonus program, flexible benefits, and professional growth opportunities. Additional perks include mental health support, flexible spending accounts, dedicated learning days, and firm-wide initiatives.

Key Skills/Competency

• Cybersecurity
• Risk
• Exceptions
• Governance
• GRC
• ISO27001
• SOC2
• NIST
• Analysis
• Communication