Incident Response and Threat Intelligence Senior Manager

Serves as the subject matter expert and project leader for the Global Information Security Office (GISO) and Shared Technology Services (STS) Incident Response functions. This role is responsible for leading the global IT security incident response process by working with Global Technology Services (GTS) and member firm security teams to detect, contain, eradicate, notify and recover from a cyber-incident. Acts as an incident response leader/handler for cyber security incidents including forensic investigation/analysis, advanced incident handling, intelligence gathering, forensic research, and formal incident investigation.

Is comfortable leading and managing the end-to-end Incident Response lifecycle and can determine criticality, provide recommendations and assess post-mortem activities for individual incidents across a global enterprise. Works closely with management, other team members, development teams, business analysts, firm leaders and end users to ensure data protection for systems used by all areas of the organization. Has supervisory experience, and can contribute to engagement planning. May specialize in areas/practices such as vulnerability management, security intelligence, security architecture, compliance frameworks, and the operation of advanced security tools or operations.

This individual would be expected to have experience in project management, budgeting, and team and resource management and be able to identify areas of potential risk, potential cost savings and operational efficiencies that will reduce the overall risks to client and firm data resources.

The position is a primary advisor to leadership for crisis management and cyber incident response.

May provide work leadership to other employees; leads projects that include participants from other countries in cross border operations.

Illustrative Duties and Responsibilities

  • Oversees the design and development, and coordinates the implementation, of common information security processes for cyber incident response, both at the global and member firm levels.
  • Works as the service leader for the STS Global Incident Response service.
  • Serves as a subject matter expert within GISO and to member firms on IT security incident response.
  • Identifies security exposures that currently exist, or are emerging, and that create potential threats to Deloitte's infrastructure, systems or data. Notifies leadership of potential or existing threats and proposes risk mitigating strategies to leadership. Advises on acceptable mitigating controls related to Policy and Standard Exceptions to ensure they are documented, including mitigating security controls, necessary approvals, and exception duration.
  • Oversees the design of the incident response platform (ServiceNow) to incorporate IT security requirements and acts as the business owner on the roll-out to member firms.
  • Engages with DTTL Legal, Talent, Risk, Privacy, Confidentiality and other business leaders as deemed necessary based on the type and severity of a cyber-incident.
  • Works to align the incident response services to the global security strategy and implementation of cyber acceleration. Coordinates budget and strategic planning to align with GISO, STS and Acceleration priorities.
  • Demonstrates knowledge in one or more of the following domains: IT Risk, GRC, IAM, SIEM, SOC operations, Threat Intelligence Research, CSIRT, BCP/DRP.
  • Serves as a professional mentor for assigned staff with regard to professional development processes.
  • Provides significant input into the annual strategic planning and budget processes and identifies cost effective operations in a manner consistent with the strategic and budgetary requirements.
  • Performs other job-related duties as assigned.


Required Technical Skills

    May include understanding of application security concepts such as the Software Development Life Cycle, secure coding methodology and application security scanning technology.

    Additionally, should possess one or more specialties in the following applications or classes of tools: industry security frameworks, industry standards and security practices, and security architectures.

    Strong background in security audit functions and security operations including the deployment and use of enterprise tools such as firewalls, web proxies, anti-virus and patching solutions.

    Advanced proficiency in forensics, forensic investigation/analysis, advanced incident handling, intelligence gathering, forensic research, and formal incident investigation. Familiarity/proficiency with the ServiceNow incident response tool is a plus.

    May require operational experience with HIDS, NIDS, Firewalls, routers, switches, various commonly used operating systems, common attack tools, and vulnerability detection/management tools.

    Required Licenses, Certifications, and Other Requirements

    CISSP and/or CISA certifications required; GIAC certifications a plus

    Education & Experience

    Bachelor's Degree; Minimum of 10 years of experience in incident response, risk management or IT governance

    US-Based Positions Notice: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.

    Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers site (jobs2.deloitte.com) or one of our approved job boards, we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com.

    Requisition code: DE18GLBGTS006SY1203



    One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.

