Information Security Policies and Standards, Senior Manager - Deloitte Global

Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Global supports our network of member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

Support the objectives and mission of the Global Information Security Office (GISO) with a primary focus on leading and managing the creation of standards, processes and procedures to support global security policies and strategy initiatives.

Through consensus building and collaboration with key leaders across multiple technical and non-technical DTTL networks, translate global information security policy requirements into sound and practical security standards, platform standards, architecture decisions, designs and patterns, and address/remediate identified information security issues.

Illustrative Duties and Responsibilities:

  • Collaborate across GISO, GTS and member firms to translate information security policy requirements and standards into sound and practical security standards, architecture decisions, designs and patterns at the network, application and platform levels (e.g., reference, conceptual, and logical), and to address/remediate identified information security issues.
  • Develop new information security related standards, processes, and procedures as needed (e.g., identifying and writing security hardening and configuration standards for various platforms and technologies).
  • Perform information security risk assessment related activities and conduct security architecture and controls reviews to ascertain overall compliance with global information security requirements as needed.
  • Work closely with GISO and GTS enterprise architects to provide security oversight for proposed global technology standards.
  • Provide SME support for security product evaluation activities in relation to compliance with defined standards.
  • Monitors security blogs, articles, and reports and remains current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends; where relevant, notifies leadership to incorporate information into processes, procedures, and audit preparedness activities.
  • Analyses complex technology and operational risks to the enterprise and proposes appropriate controls to comply with relevant laws, regulations, and industry standards.
  • Provides project support for assigned security function. This includes security design and preparing security documentation for internal process as well as internal/external audits and assessments.

Technology Background:

  • Familiarity with ISO27001/ISO27002, NIST and other recognized information security standards.
  • Familiarity with information security architecture frameworks and design patterns.
  • Experience with developing policies, standards, processes and procedures (including at the platform level e.g., servers, workstations and infrastructure component level).
  • Experience with conducting risk assessment activities and information security reviews.
  • Understanding of Microsoft Windows technologies (Active Directory, Exchange, Lync, Windows Server, TMG, HyperV, SCOM, SCCM) and associated security threats and vulnerabilities.
  • Familiarity with strong authentication (2-factor), Public Key Infrastructure (PKI) and other cryptographic control technologies, Data loss prevention (DLP), mobile device and endpoint security technologies.
  • Demonstrable knowledge of common network architectures and common system development lifecycle processes.

Soft Skills:

  • Strong English language communication skills (both verbal and written) and advanced competency in Microsoft Office technologies.
  • Strong written communication skills.
  • Strong troubleshooting, reasoning and problem-solving skills.
  • Ability to communicate security issues to both technical and business personnel.
  • Ability to multi-task, prioritize work and work independently.
  • Process-oriented mindset.
  • A demonstrable passion for the field of Information Security.

Required Licenses, Certifications, and Other Requirements:

  • Preferred one or more of SSCP, Associate of ISC2, CISSP, CISA, CISM, CEH, ISO Lead Implementer certifications

Education & Experience:

  • Minimum Bachelor's Degree coupled with a minimum of 10+ years of relevant IT security experience

Requisition code: DE18USAGTS005AJ0138


One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.
