Vendor Cyber Risk Manager

Sydney, NSW, AU

Deloitte

Insights into our services in Audit, Consulting, Financial Advisory, Risk Advisory and Tax, as well as our numerous industries.


Job Requisition ID: 37382 

  • Great opportunity to work with decision makers at the world’s most innovative global consulting firm
  • Flexible work arrangements – work in a way that suits you best!
  • Learn from the best in the business

 

We are seeking a highly skilled and experienced Cybersecurity Manager to lead our Vendor Cyber Risk Management program. The successful candidate will be responsible for overseeing and enhancing our processes for assessing, monitoring, and mitigating cybersecurity risks associated with third-party vendors. This role requires a strategic thinker with strong technical expertise and excellent communication skills to ensure our vendor relationships are secure and compliant with industry standards.

 

What will your typical day look like?

Key Responsibilities:

  • Vendor Risk Assessment – Conduct cybersecurity risk assessments for vendors, develop a risk framework, and evaluate potential security threats in vendor products/services.
  • Risk Mitigation – Implement risk mitigation strategies, ensure vendor adherence to security standards, and monitor compliance with contractual and regulatory requirements.
  • Vendor Management – Build strong vendor relationships, conduct security audits, and provide guidance to improve vendor cybersecurity practices.
  • Policy & Procedures – Develop and maintain vendor cyber risk policies, ensuring clear communication and enforcement across the organization.
  • Incident Response – Collaborate with the Incident Response Team to address vendor-related security incidents and provide detailed analysis for prevention.
  • Training & Awareness – Lead cybersecurity training for internal teams, promote vendor risk awareness, and foster a culture of cybersecurity vigilance.
  • Reporting & Metrics – Develop reporting mechanisms to track vendor risk status, trends, and mitigation efforts, providing insights to senior management.

 

About the team
Our CISO team is a diverse and highly skilled group committed to securing Deloitte against evolving cyber threats. We work across multiple security disciplines to govern, design, defend, operate, and enhance our cybersecurity capabilities, ensuring resilience and regulatory compliance.

This role presents an exciting opportunity to lead and shape the VCRM capability, working closely with the broader security teams to strengthen our third-party risk posture. We foster a collaborative and supportive culture, where innovation and knowledge-sharing are encouraged.

If you're looking for a role where you can make a tangible impact, drive vendor security, and contribute to a strong cybersecurity ecosystem, we’d love to hear from you!

 

Enough about us, let’s talk about you.

You are a cybersecurity professional with a passion for managing vendor risks and strengthening third-party security practices. You thrive in collaborative environments, can navigate complex vendor relationships, and are proactive in identifying and mitigating cyber risks.


You are someone with:

Required:

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
  • Minimum of 5-7 years of experience in cybersecurity, with at least 3 years in a vendor risk management role.
  • Relevant certifications such as CISSP, CISM, CRISC, or equivalent.
  • Strong understanding of cybersecurity frameworks, standards, and regulations (e.g., NIST, ISO 27001, CIS Controls).
  • Experience with cybersecurity risk assessment tools and methodologies.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Strong interpersonal and communication skills, with the ability to work effectively with both technical and non-technical stakeholders.
  • Proven ability to manage multiple projects and priorities in a fast-paced environment.

 

Why Deloitte? 

At Deloitte, we focus our energy on interesting and impactful work. We’re always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.  

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone’s perspective and to cultivate inclusion, so that our work environment is a safe space where we can all belong.

We prioritise flexibility and choice. At Deloitte, you get trust on Day 1. We know our people get their best work done when they’re in control of where and how they work, designing their work week around their client, team and personal commitments.

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package.

 

Next Steps 
Sound like the sort of role for you? Apply now. 

By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.


Tags: Audits CISM CISO CISSP Compliance CRISC Incident response ISO 27001 Monitoring NIST Risk assessment Risk management Vendor management

Perks/benefits: Career development Equity / stock options Flex hours Parental leave

Region: Asia/Pacific
Country: Australia
