Deloitte Job - 32752023 | CareerArc
Company: Deloitte
Location: Chicago, IL
Career Level: Associate
Industries: Business Services, Consulting

Description



 



Strategic

•        Act as a global cybersecurity lead to implement strong security practices, design patterns, threat modelling and culture to support moving to a DevSecOps model, driving high quality and speed to market applications and services across Deloitte Global and Deloitte member firms' SAFe-agile teams.

•        Integrate cybersecurity into the organizational adoption and improvement of agile practices using the SAFe framework.

•        Work with cloud migration teams to support large-scale application migration to multiple cloud environments.

•        Collaborate with development organizations and cloud teams to automate security into those application development hubs and pipelines.

•        Partner with development teams and Shared Services team leads to create, implement and apply DevSecOps principles, processes and culture that are consumed by delivery teams across the portfolio of applications and services.

•        Provide cybersecurity subject matter expertise in various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.

•        Advocate appropriate cybersecurity software engineering practices such as business and technical requirements definition, threat modelling, secure coding, automation of CI/CD pipeline, security requirements verification, unit testing, code reviews, full build testing, and quality engineering practices to the teams to improve end to end secure delivery practices.

•        Actively partner with member firm security teams and cloud development hubs to ensure appropriate security practices are communicated and implemented within their application security programs. Support adherence and awareness of these practices.

•        Understand operational risks to lines of business, weighing security concerns against business needs. Set up appropriate processes to communicate and escalate those concerns.

•        Train the product teams on how to “build in” security for their products.

•        Empower the engineering teams to own their product security.

•        Create a security culture across the end to end Deloitte Software Delivery life cycle.



 



Operational

•        Lead a team of security software developers to integrate security into business agile processes.

•        Provide subject matter expertise on DevSecOps, cloud architecture, building secure software and implementation of security controls in an agile environment.

•        Harden infrastructure and development pipelines against attack by implementing strong Security Development Lifecycle (SDL) tools and processes.

•        Work with Shared Services to define and implement security metrics for automated test suites to track security testing and risk issues.

•        Recommend enhancements and/or changes to controls as appropriate to improve operational security aligned with business goals and cybersecurity policies.



 



Relationship Management

•        Coordinate closely with Global Digital Application Studios, US Digital Application Studios and other member firm IT software development teams concerning security integration.

•        Maintain a strong working relationship with the Global Cybersecurity Shared Services and Strategy, Compliance & Governance Leader and teams for implementation of and updates to security policies and processes along with the evolution of Shared Security services.

 



•        Maintain a strong working relationship with the Global Cybersecurity Shared Services Leader and team for implementing application security testing shared services.





 



Education

•        Bachelor's degree in computer science, a technology-related field, or equivalent education-related experience

•        Master's degree preferred

 

 



Work experience

•        Must have at least 2-3 years of leadership experience as Agile Security Leader for a large multinational organization.

•        Knowledge of Agile Engineering practices including DevSecOps (CI-CD, Test Driven Development, etc.) and security automated testing.

•        Minimum of 10 years of combined experience in information security programs and agile development with a focus on the information security context

•        Minimum of 5 years holding a management and leadership role

•        Minimum of 5 years of application security experience with interpreted and compiled programming languages, preferably in C#, C++, Java, Python, Perl, and/or PowerShell scripting. Must have actual development experience in an Agile environment.

•        Application security experience with Windows and Linux based applications

•        Experience working with teams on multi-tiered, complex distributed web applications (C#, C++, Java, Python, Perl, PowerShell, etc.)

 



Certification

•        Agile Certifications like CSM, CPO, CSP, Leading SAFe, Certified Scrum Professional

•        Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials



 



Skills/abilities

•        Strong collaboration skills and the ability to work in a decentralized organization with many stakeholders.

•        Strong working knowledge of Agile, SAFe, and DevSecOps.

•        Strong knowledge of the Secure Software Development Lifecycle and end to end development processes.

•        Working knowledge of Azure DevOps (ADO), GIT, JIRA, Jenkins, Docker, Puppet, Chef and other Agile CI/CD and project management tools and Kanban boards.

•        Active software development in an Agile environment.

•        Experience developing and teaching threat modelling for application teams

•        Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels

•        Sound knowledge of business management and an expert knowledge of information / cybersecurity application solution design and testing

•        Strong knowledge of key cybersecurity technologies such as network security tools (firewalls, intrusion detection system (IDS)/intrusion protection system (IPS), content filtering, network access control (NAC)), end-point protection (AV, EDR, MDM), data loss prevention, encryption, vulnerability management, and security information and event management (SIEM)

•        Strong knowledge and understanding of information security legal and regulatory requirements, such as General Data Protection Regulation (GDPR), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard

•        Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework

•        Experience interacting, presenting and working with C-level executives (CEO, CIO, etc.)

•        Ability to manage a global team in a matrix environment

•        Ability to travel as needed up to 30%





All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.



Disclaimer:

Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com



Requisition code: D65834

