Manager, Cyber Security Risk & Compliance
- Recruiter: Deloitte
- Location: New York, NY, USA
- Salary: Competitive salary
- Posted: 12 Nov 2019
- Closes: 14 Nov 2019
- Ref: 6773130
- Job role: Accountant
- Experience level: Manager
Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte's Information Technology Services (ITS). We are curious and life-long learners focused on technology and innovation.
Work you'll do
As the ITS Cyber Security Risk & Compliance Manager you will support audits and assessment programs of the Information Technology Risk & Compliance team, which includes risk management, audits, and assessments, mostly SOC 1 and SOC 2, for on prem as well as cloud hosted IT applications and infrastructure. This position is specifically responsible for understanding and assessing technology and operational risks related to internal and cloud technology solutions and, at times, is asked to provide input to ITS personnel on appropriate controls to address those risks. The position will also work with external and internal auditors, serving as liaison between ITS and non-ITS auditees, gathering and presenting evidence as required.
Responsibilities:
- Lead and execute tasks and strategies associated with projects, audits, and assessments for on prem as well as cloud hosted IT applications and infrastructure as required via client contracts, regulatory obligations, and operational objectives
- Clearly understand the on prem and cloud technology and operational risk to the Information Technology Services organization as well as related laws, regulations, and industry standards, specifically as related to internal and cloud technology solutions
- Independently design, recommend, plan, develop and support implementation of project-specific security solutions to meet requirements for on prem as well as cloud hosted IT applications and infrastructure
- Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on prem as well as cloud hosted IT applications and infrastructure
- Ensure that identified risks are managed in accordance with the Risk Management program for on prem as well as cloud hosted IT applications and infrastructure
- Manage remediation of identified risks and vulnerabilities; identify those within the organization responsible for remediation tasks and negotiate dates for remediation to be complete; track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to all constituents
- Represent Information Technology related to internal and external assessments and/or audits of information technology systems and processes, interpret results, and develop and communicate recommendations to management
- Participate in appropriate opportunities for continuing education, seminars, participation in field-related professional organizations, and so on to remain current on developments in the information security profession
- Work with the appropriate Information Security, Office of General Counsel, Risk Management, and engagement leaders to determine scope of onsite visits, audits, and assessments as defined by contracts and regulatory requirements
- Develop and recommend appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization for on prem as well as cloud hosted IT applications and infrastructure
- Develop risk/vulnerability assessment programs and questionnaires to aid in the identification and mitigation of security risks
- Identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
- Other duties as assigned
The team
Information Technology Services (ITS) helps power Deloitte's success. ITS drives Deloitte, which serves many of the world's largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~3,000 professionals in ITS deliver services including:
- Security, risk & compliance
- Technology support
- Infrastructure
- Applications
- Relationship management
- Strategy
- Deployment
- Project Management Office
- Financials
- Communications
Cyber Security
Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic ITS Cyber Risk Program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of focus include:
- Cyber Design
- Risk & Compliance
- Technology Risk Management
- Identity & Access Management
- Data Protection
- Incident Response and Architecture
Qualifications
- Bachelor's degree in Computer Science, Business Administration or equivalent educational or professional experience and/or qualifications.
- Master's Degree preferred (e.g., Information Security, Information Protection, Computer Information Systems, Computer Science, Computer Engineering, Information Systems Management)
- 6 years of directly related experience in the following: managing information technology audits, assessments, remediation management, creating, leading, and managing ITS risk assessment programs. 2 years of manager responsibility
- Familiarity with privacy laws, data protection/security regulations, AICPA related reports, and security frameworks, assessments, and certifications such as ISO 27001, SSAE 18 SOC 1, SOC 2, Shared Assessment Program Agreed Upon Procedures, HIPAA, HITRUST, CSA CCM, GDPR, Privacy Shield
Preferred:
- Master's Degree in Information Security/Information Protection
- Industry certification (e.g., CISA, CISSP, CISM, etc.)
- Excellent communication, listening, negotiation, and facilitation skills
- Understanding and experience with cloud technologies and security controls
- Possess a general understanding of underlying infrastructure architecture including cloud security, Internet, intranets, and communication protocols such as TCP, UDP, and IPSEC
How you'll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to help them to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte's culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.
As used in this posting, "Deloitte" means Deloitte Services LP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available. https://www2.deloitte.com/us/en/pages/careers/articles/ban-the-box-notices.html
Requisition code: E20NATSMRGDK038-ITL5