Are you energized by helping organizations protect their data and build client trust? Do you want to work in one of the world's largest holistic internal cybersecurity organizations? If you're interested in proactively preventing, detecting, and responding to cyber attacks across a complex global footprint, then Deloitte Global could be the perfect place for you. We're looking for an analytical thinker passionate about cybersecurity to join our team.
Work you'll do:
Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national Member Firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.
The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte Member Firms through regional delivery hubs and a Global Fusion Center. We are seeking an Integrated Requirements Manager to join the team.
The Integrated Requirements Manager reports to the Program Leader within the DTTL Cybersecurity organization. The role focuses on operationalizing, supporting and the integrated requirements library in accordance to standards/policies/regulations applicable to Deloitte and providing subject matter expertise in this area. The role will also require understanding of the control landscape of Deloitte Member Firms.
As part of the Global Cybersecurity team, this professional shall:
* Maintains integrated requirements library in accordance to standards/policies/regulations applicable to Deloitte
* Extracts controls language from the control requirements and aligns control requirements to the control language
* Identifies any new requirements or updates to any of the sources included in the Integrated Requirements Library (IRL)
* Maps the requirements from the additional industry sources to the Integrated Requirements Library
* Aligns the control/risk statements with the metrics defined
* Updates the IRL periodically based on any changes in the IT regulations, standards, and policies
* Understands the alignment between the integrated control requirements and Deloitte internal standards
* Develops recommendations to facilitate the development of new or updated IT policies and the retirement of policies
* Identifies gaps in existing control framework
* Identifies and prioritizes the most important information security and privacy-based authoritative sources that are to be addressed by the library
* Contributes to, monitors, tests, reviews and constructively challenges IT operational teams and business units on their assessment of cybersecurity policies, and standards
* Analyzes the level of fulfilment of control implementation between the metrics defined
* Provides inputs for customizing the IRL according to the requirements of the Member Firms (MFs)
Travel as needed up to 20%.
What you'll be part of-our Deloitte Global culture:
At Deloitte, we expect results. Incredible-tangible-results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in-with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out-with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.
Deloitte Global supports our talented professionals in answering the question: What impact will you make?
Who you'll work with:
The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte's global network of firms around the globe.
How you'll grow:
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.
Benefits you'll receive:
Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do - that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.
To be considered for this role, there are certain qualifications you'll have to have. And others that would be really, really nice.
* Minimum of 8-10 years of combined experience in the Information Security / Cybersecurity domain with a focus on strategy development and governance design
* At least 3 years holding a management and leadership role
* Proven track record and experience of the following in a highly complex and global organization:
* developing and driving information / cyber risk management
* designing and driving implementation of a tailored governance framework
* connecting closely with operational leadership to make strategy and governance relevant for day-to-day operations
* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
* Sound knowledge of business management and an expert knowledge of information security risk management
* Knowledge of common risk management frameworks like NIST 800-30, ISO 27005, ISO 31000, FAIR, IRAM 2, CIS RAM etc.
* Experience interacting, presenting and working with C-level executives (CEO, CIO, etc.)
* Ability to manage a global team in a matrix environment
Education and experience:
* Bachelor's degree: Degree in Business Administration, or technology-related field, or equivalent education-related experience
* Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
* Member of IISP or have the qualification, skills and experience to become a member
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com
Deloitte will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance, where applicable. See notices of various ban-the-box laws where available. https://www2.deloitte.com/us/en/pages/careers/articles/ban-the-box-notices.html
Requisition code: DE19USAGTS005FF1180