Cybersecurity Contractor

Position Summary

We are seeking a Cybersecurity contractor to support Information Technology Services (ITS) Cyber Security, Risk & Compliance (CSRC) programs, with a primary focus on third-party security risk assessments. In this role, you will assess security, confidentiality/privacy, and operational risks associated with vendor solutions and ensure risks are managed in alignment with the organization’s Risk Management Program, applicable laws/regulations, and industry security standards. Security awareness and training activities will also be part of this position.

Key Roles And Responsibilities

• Conduct information security assessments of third-party vendors to determine their ability to protect confidential data.
• Enhance risk/vulnerability assessment programs and questionnaires to support identification and mitigation of security risks.
• Identify and document information security vulnerabilities and risks in the technology environment.
• Evaluate vulnerabilities and risks, partnering with business owners, risk management, and vendor representatives.
• Define remediation tasks for identified vendor risks and vulnerabilities; negotiate remediation timelines.
• Track remediation progress and provide clear reporting to stakeholders.
• Monitor appropriate sources for newly identified vulnerabilities, evaluate risk to the organization, and advise management on mitigation actions.
• Stay current on evolving security tools and techniques and research options that could improve protection of information and infrastructure.
• Maintain expertise in identifying security risks across hardware, software, and systems used by the organization.
• Participate in continuing education and professional development to remain current in cybersecurity.
• Ensure identified risks are managed in accordance with the Risk Management program.

Qualifications

• Experience performing third-party/vendor information security assessments (including evidence review and control evaluation).
• Working knowledge of security, privacy, and operational risk concepts (confidentiality/privacy, resilience, and control effectiveness).
• Familiarity with common standards/frameworks (e.g., NIST, ISO 27001, SOC 2) and ability to align vendor controls to requirements.
• Strong communication skills—able to write clear findings, risk statements, and remediation plans for technical and business audiences.
• Strong stakeholder management and follow-through to drive remediation to closure.

Preferred Qualifications

• Current industry certification such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control), or similar.
• Experience with RSA Archer, specifically the Vendor Management module.
• US Citizen is preferred

Work Arrangement & Compensation

This is a remote contract assignment with a preference for candidates located near Hermitage, PA. The expected pay range is $50 - $55 per hour. Candidates must be geographically based in the United States and legally authorized to work without sponsorship.

About Deloitte

Deloitte fosters an inclusive culture, empowering its people to contribute unique perspectives. This contract work is provided through a third-party to Deloitte.

Key skills/competency

• Third-party Risk Assessment
• Vendor Security
• Information Security
• Risk Management Program
• NIST Framework
• ISO 27001
• SOC 2 Compliance
• Vulnerability Management
• Cybersecurity Auditing
• Stakeholder Management