Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte's Information Technology Services (ITS). We are curious and life-long learners focused on technology and innovation.

Work you'll do

We are seeking an experienced Cybersecurity Data Protection Manager to join the US Cybersecurity Data Protection Team. This is a Senior Cyber Security Role that is highly strategic, requires prior hands on technical cyber security engineering experience and will have the responsibility to provide data security direction and guidance for all US data protection initiatives. This person will play a key role in ensuring consistent implementation of data security controls and design principles within Deloitte US Member Firm, and to help understand where our data resides, and how to protect it. The role requires cyber security and data security industry knowledge, leadership and collaboration skills to work with Senior Managers, Technical Delivery Managers, Business Information Security Officers, Program Management Office, Data Owners, Data Custodians, IT Infrastructure Teams, Confidential and Privacy Champions, Office of Confidentiality and Privacy Leadership etc. in a cross functional environment. The successful candidate will report directly to the US Data Protection Senior Manager, and their role will be to act as a Senior Security Architect/Engineer, primarily focused on areas of data protection, data access governance, data classification, data loss prevention and data encryption.

Responsibilities:

As part of the US Data Protection team, this professional will have the following core responsibilities:

• Act as a subject matter expert in the areas of Data Classification and Rights Management, Key and Certificate Management, Web Protection Web Protection/CASB service, data loss prevention, data access governance, cloud data loss prevention, cloud access security broker, data encryption and other data protection related technologies.
• Drive the implementation of appropriate controls around the use, storage, management and distribution of unstructured data within Deloitte US member firm.
• Support the Data Classification and Rights Management Service Owner in adoption, growth and roll out of the service within Deloitte US Member Firm.
• Review technology designs with analysts, focusing on data protection principles and technologies, taking local, regional and US regulatory requirements into account (e.g. SOX, HIPAA, PCI etc.).
• Work with Office of Confidentiality and Privacy, Business Information Security Office, Deloitte Business Leaders and Enabling Areas on practical implementation of data protection policies and controls across Deloitte US Member Firm.
• Communicate and serve as a Technical Subject Matter Expert overseeing the implementation of data security solutions required to meet business objectives.
• Lead the technical configuration, implementation, administration and management of multiple data protection cyber security products and solutions.
• Perform vendor evaluations and proof of concepts for service improvements, in-flight projects, and emerging technologies.
• Investigate, design & architect cyber data protection controls as they are identified.
• Develop and maintain an in-depth understanding of Deloitte's business processes, core systems, technologies, data, client engagement teams and customers.
• Closely collaborate with Global Cybersecurity Data Protection Team to help develop US Data Security technical roadmap.
• Assist with the implementation and translation of data security policies.
• Establish effective working relationships across various line of business and US member firm security & IT leaders to understand their business requirements to help execute their business strategy.
• Be up to date on industry trends around cyber risk and data protection practices.
  

The team

Information Technology Services (ITS) helps power Deloitte's success, which serves many of the world's largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.

The ~3,000 professionals in ITS deliver services including:

• Cyber Security
• Technology Support
• Technology & Infrastructure
• Applications
• Relationship Management
• Strategy & Communications
• Project Management
• Financials
  

Cyber Security

Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.

Areas of focus include:

• Risk & Compliance
• Identity & Access Management
• Data Protection
• Cyber Design
• Incident Response
• Security Architecture
• Business Partnership
  

Basic Qualifications

• Bachelor's degree in IT, Cyber Security, Computer Science or equivalent educational or professional experience and/or qualifications.
• Minimum 8 years of IT experience areas of focus without degree
• Minimum 6 years of IT experience areas of focus with degree
• Minimum 3 years in a Cybersecurity/Data Protection Manager related role.
  

Preferred Qualifications

• At least one professional cyber security certification designation required such as CISSP, CISA, CISM, CCSP, CEH, SANS GIAC, CRISC, CompTIA Security+ etc.
• Demonstrated ability to technically assist and guide work of team: cyber security analysts and engineers in developing and implementing Cyber Data Protection solutions and capabilities that are clearly aligned to business, technology, and threat drivers Hands on experience in at least two areas of the below Cyber Data Protection technologies:
• Key and Certificate Lifecycle Management Technology (i.e., Venafi TPP, Vormetric)
• Next Generation Antivirus and Endpoint Detection and Remediation Technology (i.e., Cylance, Crowdstrike Falcon, Microsoft Defender, VMware Carbonblack etc.)
• Cloud Access Security Broker Technology (i.e., McAfee CASB, Broadcom CASB, Netskope CASB etc.),
• Web Protection Technology (i.e., Symantec WSS, Zscaler, Forcepoint Web Proxy, Cisco Ironport etc.)
• DNS Security Technology (Cisco OpenDNS, Infoblox Threatgrid etc.)
• Data Classification and Rights Management Technology (i.e., Microsoft Azure Information Protection, Boldon James, Titus etc.)
• Data Encryption Technologies
• Data Loss Prevention Technology (Symantec DLP, McAfee DLP, ForcePoint DLP)
• Public Key Infrastructure Platform (Digicert, GeoTrust, Verisign etc.)
• Broad knowledge and experience across IT infrastructure with security frameworks and standards such as ISO 17799/27001 and other relevant security-related regulations such as PCI, HIPAA, SOX etc.
• Lead the technical configuration, implementation, administration and management of multiple data protection cyber security products and solutions
• Lead and define vendor evaluations and proof of concepts for service improvements, in-flight projects, and emerging technologies
• Be up to date on industry trends around cyber risk and data protection practices
• Develop and maintain an in-depth understanding of Deloitte's business processes, core systems, technologies, data, client engagement teams and customers
• Lead collaboration with Global Cybersecurity Data Protection Team to help develop US Data Security technical roadmap
• Excellent organizational, communications (oral and written), problem solving, customer service and interpersonal skills
• Demonstrated track record in sound judgement, strong attention in detail, developing quality work products and effective resolution of customer issues with cyber security technologies
• Remain calm while retaining your ability to influence others in high pressure situations
• Highly collaborative work ethic, demonstrated agility and strong teaming skills
• Quick and eager learner to apply new skills and technologies in a results-oriented manner
  

Certification

• Professional security certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+ etc.
  

Skills/abilities

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security topics, policies, and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels

Ability to translate technical/security issues to business users

Strong relationship, team building and facilitation skills

Knowledge and experience of Information Security Risk and Security governance

Ability to travel as needed (but no more than 15-20%)

Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

For individuals assigned and/or hired to work in Colorado or Nevada, Deloitte is required by law to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the State of Colorado and the State of Nevada and takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $104,575 - $192,590.

EA_ExpHire

EA_ITS_ExpHire

FY23 US_Cyber Security_88