Manager - Control Assurance

Date:  29 Jun 2026
Location: Sydney, NSW, AU; Melbourne, VIC, AU

Department:  Enabling Areas
Description: 

Job Requisition ID: 41351 

  • Lead Essential Eight maturity assessments and control assurance work that helps clients strengthen cyber resilience in practical, measurable ways
  • Tackle big issues like cyber, trust, resilience and digital transformation
  • Mentoring, coaching and leadership programs to help you make an impact that matters

 

This is a Manager opportunity in our Cyber GRC team, based in Melbourne or Sydney with a hybrid work model, where you'll help organisations lift control maturity, navigate compliance obligations, and build more resilient cyber environments.

 

What will your typical day look like?

 

This role brings together cyber risk, control assurance, and hands-on uplift planning. You'll lead assessments across frameworks including ASD Essential Eight, ISO 27001 and NIST CSF, review control design and evidence, and test whether controls are working as intended in practice. That could mean validating Group Policy settings, endpoint security configurations, identity controls, and operational processes across complex environments.

 

A big part of your impact will come from turning assessment findings into action. Working with control owners, technology teams, vendors, and senior stakeholders, you'll identify gaps, define remediation priorities, and track uplift progress against risk appetite and regulatory expectations. You'll also present outcomes to governance forums and produce reporting that is clear, auditable, and useful to decision-makers.

 

At Manager level, you'll be trusted to lead fieldwork, guide stakeholders through ambiguity, and bring structure to fast-moving programs. The work is varied - from supporting audit and regulatory engagements to aligning Essential Eight outcomes with broader cyber and compliance frameworks - and you'll collaborate with specialists across cyber, risk, and technology to help clients improve where it matters most.

 

About the team

 

Our Cyber GRC team helps organisations understand their cyber risk, strengthen control environments, and respond to growing regulatory and stakeholder expectations. The team works across governance, assurance, compliance, and resilience, supporting clients on challenges that span Essential Eight, ISO 27001, NIST CSF, cloud, identity, third-party risk, and broader cyber uplift. It's a space where technical depth, sound judgement, and strong client relationships all matter.

 

Enough about us, let's talk about you

 

You may have all or some of the following skills/experiences:

  • Experience in cyber GRC, risk, assurance, or control testing roles, with the ability to lead assessments and fieldwork
  • Hands-on experience conducting ASD Essential Eight maturity assessments and validating maturity claims with technical evidence
  • Strong understanding of frameworks and standards such as ISO 27001, NIST CSF, CIS Controls, and relevant Australian regulatory requirements
  • Experience reviewing control design, assurance testing, and working with stakeholders to improve control effectiveness
  • Confidence engaging infrastructure, cloud, endpoint, identity, and vendor stakeholders to define practical remediation actions
  • Strong written and verbal communication skills, including executive reporting and presenting outcomes to governance forums
  • A pragmatic, risk-based approach and the judgement to balance security uplift with operational feasibility
  • Relevant certifications such as CISSP, CISM, CRISC, or exposure to ASD / IRAP would be beneficial

 

Why Deloitte?

 

At Deloitte, we focus our energy on interesting and impactful work. We're always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone's perspective and to cultivate inclusion, so that our work environment is a safe space where we can all belong.

We value in-person connection with our clients and our colleagues. We offer several ways for you to work flexibly so that you can serve your clients, stay connected with your team, and manage your personal priorities.

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and a return-to-work support package.

 

Next Steps

Sound like the sort of role for you? Apply now, we'd love to hear from you!

 

By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.