Information Security Manager

Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Global supports our network of member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

This is a new role that entails leading the vendor risk assessment process being rolled out to all of the member firms. It includes management of the framework, enhancement of framework artifacts, and serving as the subject matter expert in assisting adoption of these processes within the member firms.

Illustrative Duties and Responsibilities

  • Perform vendor reviews in accordance with ISO 27002 standards.
  • Manage the rollout of a vendor risk assessment process to all member firms.
  • Coordinate and gain input on enhancements to the framework.
  • Integrate enhancements into the framework deliverables.
  • Facilitate maintenance and administration of the eGRC platform (Archer) that supports the vendor assessment process.
  • Develop and maintain metrics and KPIs for the vendor assessment process.
  • Monitor security blogs, articles, and reports and remain current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends and incorporate information into processes, procedures, and audit preparedness activities.
  • Perform other job-related duties as assigned.

Required Technical Skills

Technology Background:

  • A demonstrable passion for the field of information security.
  • Strong knowledge of information security across all domains and at least five years of information security experience.
  • Demonstrated experience performing risk assessments/threat models of cloud/vendor hosted solutions.
  • Thorough understanding of the ISO 27002 standard.
  • Experience in management of vulnerability and/or risk remediation.
  • Experience with Archer or another industry standard eGRC solution.

Soft Skills:

  • Advanced communication skills (both verbal and written).
  • Ability to communicate technology issues to both technical and leadership personnel and negotiate to a mutually beneficial conclusion.
  • Ability to multi-task, prioritize work and work independently.
  • Process-oriented mindset.

Required Licenses, Certifications, and Other Requirements

  • One or more of CISSP, CCSP, CISA, CISM, GIAC or CEH certifications strongly preferred, but equivalent knowledge will be considered.

Education & Experience

  • Bachelor's Degree, preferably in a field of information technology, engineering or math; five or more years of related experience.

Requisition code: DE17CHIGTS005AJ27

One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.