About Deloitte DKU
Deloitte DKU is represented in Kazakhstan and Uzbekistan, with offices in Astana, Almaty, Atyrau, and Tashkent.
Role Summary
The IT Compliance Senior Specialist works in the Data Governance and Compliance (DG&C) team, which is responsible for maintaining Deloitte’s information security posture by managing risks, ensuring compliance with international standards and internal IT governance, and supporting secure system development.
Key Responsibilities
- Develop, adopt and implement security measures to protect the organization’s computer systems and applications, ensuring the confidentiality, integrity, and availability of Deloitte’s information.
- Identify, assess, model, and mitigate risks associated with cyber threats in accordance with international standards and regulatory requirements.
- Communicate security policies, standards, procedures, and guidelines to employees and, where necessary, third parties, ensuring they understand their roles and responsibilities in maintaining security.
- Provide support to Deloitte employees on data protection and cybersecurity issues.
- Monitor, detect, and respond to security incidents, conduct investigations and analyze data breaches, as well as develop measures to prevent them.
- Work closely with related departments and other teams to ensure compliance with IT governance requirements.
- Analyze the asset registers for accuracy and compliance with legal requirements.
- Analyze vulnerability scan results and prioritize remediation efforts, as well as monitor internal and external cybersecurity threats.
- Develop and maintain internal reporting to track compliance with IT policies, key compliance indicators, and risk statuses.
- Prepare and update policies, standards, and procedures to effectively manage the Information Security Management System (ISMS).
- Stay informed about the latest industry trends, regulatory requirements, and best practices.
- Monitor the compliance status of users, devices, and data with corporate security standards.
- Analyze data from information security systems.
- Develop scenarios to improve or automate manual processes.
- Ensure compliance with security requirements during IT solution development stages (SSDLC processes).
Requirements
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum of 3 years of experience in IT, information security, or a related area.
- Knowledge of industry best practices (ISO 2700x, ISO 22301, NIST 800, ITIL, COBIT).
- Preferred certifications such as CISSP, CompTIA Security+, CCNA, or CEH.
- Self-motivated with the ability to work independently and manage multiple priorities.
- Knowledge of cyber threats, vulnerabilities, and attack vectors.
- Expertise in one or more of the following areas of cybersecurity: Cyber Incident Response, Vulnerability Management, Advanced Threat Protection, Identity and Access Management, Incident Response.
- Proficiency in corporate Microsoft systems.
- Power BI skills for building management reports.
- Understanding of Secure Software Development Life Cycle (SSDLC) principles.
- Preferred experience with SIEM and DLP tools: log analysis, event monitoring, and user behaviour analysis.
- Understanding of technical aspects of IT infrastructure virtualisation.
- High ethical standards and integrity.
- Willingness to travel as required.