Information Security Officer, Sr. Manager (Deloitte Function Specific Subsidiary)
Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
The US Chief Information Security Officer (CISO) oversees the strategy and governance of information security, risk management and information security operations for the entire Deloitte US firm. Deloitte Information Technology Services (ITS) is looking to fill the position of a FSS Information Security Officer (ISO) to act as a business partner between the FSS and the US Cyber Security organization, to champion cyber security initiatives within the FSS and serve as a trusted advisor on information security to client engagement teams within the FSS.
This position will have responsibility to lead cyber security for two FSS areas and influence security objectives and efforts across them, to protect critical assets, align and prioritize our cyber security investments, to establish enhanced information security defense, minimize vulnerabilities and strengthen business resilience. The FSS ISO is expected to proactively work with the US CISO to understand and respond to key cyber security requirements where the US Cyber Security organization should play a role in conceptualizing, creating and managing information security services to the FSS. The FSS ISO will also engage closely with their FSSs Chief Technology Officers (CTO) and other Risk Management professionals to adopt consistent cyber security practices at the business level, report on cyber security risks, and drive risk mitigation.
This role will report to both the US CISO and respective FSSs CTOs and have responsibility to influence cyber security strategy actions cross-functionally and must possess a high degree of integrity, sound judgment, as well as have domain competency in the field of information security and risk management. The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, is knowledgeable about cybersecurity, and has a strong knowledge of security best practices and security technologies.
Information Security Knowledge
- Serve as the central point of contact for information security related issues within specified FSSs. The FSSs are grouped as follows:
- Audit & Tax
- Advisory & Consulting
- Enabling Areas & Federal
- Support the development, implementation, and management of a firm wide cyber security strategy to ensure the security, integrity, confidentiality, and availability of Deloitte's information assets
- Ensure all FSS staff, systems, processes and tools are aligned with the US CISO organization's cyber security strategy
- Serve as a trusted advisor on cyber security related inquiries from client engagement teams, leadership, and regulators and help balance protection of information assets with operational effectiveness
- Work directly with the FSS leaders to facilitate information security risk assessments and risk management processes, including maintaining, communicating, and ensuring compliance with organizational security policies
- Build and sustain information security practices at the FSS level such that it can keep pace with the rapidly evolving threats
- Provide FSS perspective in developing and maintaining up-to-date information security policies, standards and guidelines
- Promote information security culture and awareness across the FSS
- Support the cultivation of a cyber security knowledge sharing culture across all FSSs including Enabling Areas, Federal, and USI.
- Collaborate cross-functionally and help oversee US CISO organization's security investments
- Lead within the FSS to assess and coordinate critical response efforts for information security events
- Support the measurement of the efficiency and effectiveness of the cyber security program
- Facilitate appropriate resource allocation to increase the maturity of the cyber security program
- Serve as a member to the Cyber Security Council
- Strong customer focus – understand needs and concerns of clients, practitioners, and respond promptly and effectively to customer requestp>
- Ability to gain and reach consensus and collaborate across leadership, resolving differences by determining needs and creating mutually beneficial solutions.
- Comfortable dealing with complexity and ambiguity, but able to challenge and enquire to develop appropriate and achievable solutions to problems.
- Ability to manage to results by balancing strategic goals with tactical wins that focus on pragmatic solutions for the business.
Education: Bachelor's Degree or equivalent experience in Information Security, Computer Science, or Information Systems
Years of Experience: 10+ years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client-service experience in the field.
Other Specific Skills or Knowledge:
- Advanced generalist - organizational skills and experience, including project- or role-based experience in the following: policy and standards, risk management and reporting, and change management / adoption.
- C-level and executive interaction experience
- Demonstrated experience driving strategy with cross-functional executive level stakeholders
- Demonstrated ability to drive organizational change and work with multiple business units of an organization to effect change
- Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tact
- Proven knowledge and experience across multiple information protection and security domains
- Broad knowledge and experience across IT infrastructure with security frameworks and standards such as ISO 17799/27001, NISPOM, PCI, and other relevant security-related regulations
- Understanding of and ability to effectively apply trends and developments in the area of global security and risk management
- Ability to frame and communicate security and risk-related concepts to technical and nontechnical audiences at various levels
- Strong understanding of Deloitte Touche Tohmatsu Limited operating environment OR successful experience working in a comparable global professional services organization is preferred
- Professional security certifications such as CISSP, CCISO, or CISA or equivalent experience
Requisition code: E17NATSSRMBJ147-ITL6
See Inside the Office of Deloitte
One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.
Back to top