Information Security Policies and Standards, Sr. Tech Analyst - Deloitte Global
Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Global supports our network of member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.
Support the objectives and mission of the Global Information Security Office (GISO) with a primary focus on assisting with the creation of standards, processes and procedures to support global security policies and strategy initiatives.
Through consensus building and collaboration with key leaders across multiple technical and non-technical DTTL networks, translate global information security policy requirements into sound and practical security standards, architecture decisions, designs and patterns, and address/remediate identified information security issues.
Illustrative Duties and Responsibilities
- Support the collaboration across GISO, GTS and member firms to translate information security policy requirements and standards into sound and practical security standards, architecture decisions, designs and patterns at the network, application, and platform levels (e.g., reference, conceptual, and logical), and to address/remediate identified information security issues.
- Support development of new information security related standards, processes, and procedures as needed (e.g., identifying and writing security hardening and configuration standards for various platforms and technologies).
- Assist with information security risk assessment related activities and conduct security architecture and controls reviews to ascertain overall compliance with global information security requirements as needed.
- Support for security product evaluation activities in relation to compliance with defined standards.
- Monitors security blogs, articles, and reports and remains current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends; where relevant, notifies leadership to incorporate information into processes, procedures, and audit preparedness activities.
- Supports analyses of complex technology and operational risks to the enterprise and proposes appropriate controls to comply with relevant laws, regulations, and industry standards.
- Provides project support for assigned security function. This includes security design and preparing security documentation for internal process as well as internal/external audits and assessments.
Required Technical Skills
- Familiarity with ISO27001/ISO27002, NIST and other recognized information security standards.
- Experience with developing policies, standards, processes and procedures (including at the platform level e.g., servers, workstations and infrastructure component level).
- Experience with conducting risk assessment activities and information security reviews.
- Understanding of Microsoft Windows technologies (Active Directory, Exchange, Lync, Windows Server, TMG, HyperV, SCOM, SCCM) and associated security threats and vulnerabilities.
- Familiarity with strong authentication (2-factor), Public Key Infrastructure (PKI) and other cryptographic control technologies, Data loss prevention (DLP), mobile device and endpoint security technologies.
- Demonstrable knowledge of common network architectures and common system development lifecycle processes.
- Strong English language communication skills (both verbal and written) and advanced competency in Microsoft Office technologies.
- Strong written communication skills.
- Strong troubleshooting, reasoning and problem-solving skills.
- Ability to communicate security issues to both technical and business personnel.
- Ability to multi-task, prioritize work and work independently.
- Process-oriented mindset.
- A demonstrable passion for the field of Information Security.
Required Licenses, Certifications, and Other Requirements
Preferred: one or more of the SSCP, Associate of ISC2, CISSP, CISA, CISM, CEH, or ISO Lead Implementer certifications.
Education & Experience
Minimum Bachelor's Degree coupled with a minimum of 3-5 years of relevant IT security experience
Requisition code: DE18USAGTS004AJ0136
One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.