Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte's Information Technology Services (ITS). We are insatiably curious and life-long learners focused on technology and innovation. Security Analyst - Enabling Areas
Open - Any US Office Work you'll do
The Security Analyst works directly with Deloitte Enabling Areas Business Information Security Officer (BISO) and the EA Cyber Consultants to support and promote Information Security initiatives across US and USI infrastructure and operations. In this role, the individual will help improve our partnership with the eight (8) portfolio teams that comprise the Enabling Areas. Collaboration with EA relationship managers and their staff, business stakeholders and technical support teams will be required to ensure security program adoption, and the secure enhancement of Deloitte technology and capabilities as we migrate to more cloud enabled solutions.
The Security Analyst will support the development and validation of security requirements, and completion of security evaluation and testing. Additionally, validating adherence to security policies, standards, and industry-accepted best practices. This will include determining security requirements, design specifications, and compliance controls as well validating adherence to security policies, standards, and industry-accepted best practices with a focus on cloud security, secure software development lifecycle (SSDLC), ISO27001 compliance, regulatory security compliance, Identity and Access Management (IAM), and/or business application security. This role will assist in the creation of a unified approach to security to support the rapid evolution and innovation needs of our information technology projects and cloud and identity migration efforts. Additionally, this role will assist in the creation and business adoption of a unified governance to security to support the evolution, compliance, and innovation needs of our technology projects and cloud migration efforts required in each of the Enabling Areas
The Security Analyst will support the development of information technology solutions by leading and evaluating the security components of architectures and compliance in key cyber areas such as cloud security, IAM, application vulnerability management, and/or data protection. Responsibilities
- Assist in the develop security architecture and guiding principles to support information technology initiatives specific to the Enabling Areas
- Support Executive Protection Program by designing operations, curriculum and content
- Provide structured education to specific Deloitte populations to ensure awareness of common threats within the environment
- Influence and coordinate a secure approach to the development of solutions across the Enabling Areas and global firm
- Deliver technical and governance guidance related to enhancing the security posture of information technology solutions
- Participate in the roll out of the security governance model, establishing policies, standards and best practices
- Gather requirements needed in addressing changes in the external threat landscape that have an impact on the use of on-premise and cloud computing technologies
- Assist with the integration of security into cloud services delivery standards ensuring EA data protection
- Develop and deliver communications to C-level management and company-wide stakeholders
- Assist in the development of the EA Cyber Security operating model
- Provide support for the implementation of Cyber initiatives (PAM, MFA, TOM)
- Up to 10% travel
Information Technology Services (ITS) helps power Deloitte's success. ITS drives Deloitte, which serves many of the world's largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~2,500 professionals in ITS deliver services including:
- Security, risk & compliance
- Technology support
- Relationship management
Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of focus include:
Minimum Qualifications Education:
- Cyber design
- Risk & Compliance
- Technology Risk Management
- Identity & Access Management
- Data Protection
- Incident Response and Architecture
Bachelor's Degree or equivalent experience in Information Security, Computer Science, or Information Systems Years of Experience:
3+ years of related experience, with 1+ years of cybersecurity and/or risk management experience. Related IT experience in organizations of a similar scale or client-service experience in the field will be considered in lieu of 1+ years of cyber/risk management experience. Other Specific Skills or Knowledge
How you'll grow
- Organizational skills and experience, including project- or role-based experience in the following: policy and standards, risk management and reporting, and change management / adoption
- C-level and executives (Partners/Principals and Managing Directors) interaction experience
- Experience working with cross-functional teams and executive level stakeholders
- Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tact
- Knowledge and experience across multiple information protection and security domains
- Knowledge of IT asset management and/or configuration information database (CMDB)
- General knowledge of general security practices such as identity and access management (IAM), encryption, and multi-factor authentication, security information and event management (SIEM), and others.
- Broad knowledge and experience across IT infrastructure with security frameworks and standards such as ISO 17799/27001, NIST, PCI, and other relevant security-related regulations
- Ability to frame and communicate security and risk-related concepts to technical and nontechnical audiences at various levels.
- Professional security certifications such as CISSP, CCISO, or CISA or equivalent is preferred.
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte's culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world. Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.
As used in this posting, "Deloitte" means Deloitte Services LP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available. https://www2.deloitte.com/us/en/pages/careers/articles/ban-the-box-notices.html
Requisition code: E20NATSASCLJ035-ITL4