Deloitte Job - 31167774 | CareerArc
  Search for More Jobs
Get alerts for jobs like this Get jobs like this tweeted to you
Company: Deloitte
Location: Glen Mills, PA
Career Level: Mid-Senior Level
Industries: Business Services, Consulting

Description



Work you'll do:

As part of the global Cybersecurity team, this professional will:



Strategic

• Responsible for day to day management of the Global Cybersecurity Technology Hardening Practices Program

• Develop and maintain leadership approved roadmap of documented infrastructure and end user technology hardening practices

• Collaborate with Global technology teams and colleagues to write hardening practices, ensuring alignment with Global security policies and standards, published risk assessments and reference architectures for security solutions

• Work with global business functions (Tax, Audit, Consulting, etc), and Global Digital Application Studios to ensure hardening practices align and support business processes and models. Understands the impact security hardening practices have on the respective organizations and their ability to effectively deliver client services

• Prepare governance materials for hardening practice documents and support them through the global governance process

• Working with the Cyber Defense group and the Security Operations Center, evaluate the effectiveness of the hardening practices in relation to actual intrusions seen on the Deloitte network, reported threats at peer organizations and overall cybersecurity threats in the Internet ecosystem

• Monitor security blogs, articles, and reports and remain current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends. Where relevant, notify leadership to incorporate information into processes, procedures, and hardening practices documents





Operational

• Translate global information security policy requirements and standards into sound and practical global cybersecurity hardening practices for infrastructure and end user computing technologies

• Perform in-depth vulnerability management analysis to identify required hardening practices

• Perform testing and validation of proposed hardening practices, factoring in system and practitioner impact and cost

• Provide oversight and assurance of cybersecurity hardening practices in development and deployment through to system/project go-live

• Provide input and subject matter expertise (SME) review of new and updated Cybersecurity policies and standards, providing feedback from a practicality and capability perspective of technical implementation





Relationship Management

  • Create, develop and maintain strong relationships with key leaders across multiple technical and non-technical DTTL networks, understanding system administrator and end user needs, including potential impact hardening practices may have on their day to day roles and Deloitte's ability to serve clients
  • Socialize content with DTTL and member firm leaders/SMEs
  • Holds a strong working relationship with the Global Cybersecurity Strategy and Governance team (who oversee the creation of cyber standards and policies), Shared Security Services Team (who run security services) and Security Architecture Manager to ensure hardening practices align with approved security policies, standards and architecture patterns
  • Works closely with the Shared Security Service Owners to ensure new hardening practices receive appropriate testing prior to deployment into production

• Works with the Global Business Services and Member Firm Services organizations to ensure hardening practices align with business needs and requirements



What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Deloitte Global supports our talented professionals in answering the question: What impact will you make?

Who you'll work with:

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do — that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters. #GLBArchEng
#GLBCyber
\n\n\n\n\n\n\n\n



Education

\n

• Bachelor's degree: degree in business administration, a technology-related field, or equivalent education-related experience

\n\n



Work experience

\n

• Minimum of 7 years of combined experience in engineering and solution design in an information security context

\n

• At least 3 years holding a management and leadership role

\n

• Proven track record and experience of the following in a highly complex and global organization:

\n

o driving information / cybersecurity strategy

\n

o driving implementation of a tailored governance framework

\n

o developing and driving security requirements across a broad spectrum of infrastructure and end user computing technologies

\n



Certification

\n

• Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials

\n

• Member of IISP or have the qualification, skills and experience to become a member

\n

• Relevant technical certification preferred (CISSP-ISSEP, CEH, CCNP Security, GSEC)

\n



Skills/abilities

\n

• Exceptional written and verbal English language communication skills

\n

• Excellent interpersonal and collaborative skills, with ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels

\n

• Sound knowledge of business management and an expert knowledge of information / cybersecurity engineering and solution design and the ability to translate those into clearly documented security hardening practices

\n

• Expert knowledge of key cybersecurity technologies such as application security design principles, authentication and authorization models, secure coding, application and penetration testing, encryption, system hardening, vulnerability management, open source systems and security information and event management (SIEM)

\n

• Strong knowledge and understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard

\n

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework

\n

• Advanced competency in Microsoft Office technologies

\n

• Ability to manage a global team in a matrix environment

\n

• Ability to multi-task, prioritize work and work independently

\n

• Process-oriented mind set

\n\n \n

• A demonstrable passion for the field of Information Security



Other Qualifications:

Master's degree preferred

\n

Relevant technical certification preferred (CISSP-ISSEP, CEH, CCNP Security, GSEC)

\n

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.



Disclaimer:

Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com



Requisition code: D50229


 Apply on company website