Position Summary

Manager – Business Information Security Manager

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

Due to the global nature of this role, relocation is not required, nor supported.  Candidates would be expected to work from their current location.

Work you’ll do.

Job Description - Role Responsibilities

As a Manager within the Business Information Security area, you’ll work closely with both technical and non-technical stakeholders within an assigned line of business or technology enablement area, providing the best possible support across a range of application-based, risk, and risk mitigation disciplines. Along with having knowledge of industry-accepted best practices, the Manager is expected to ensure that all applications aligned to their customer adhere to the firm’s internal cybersecurity policies and standards, escalating any non-compliance up to the associated Business Information Security Officer (BISO). Successful candidates should showcase the capability to effectively influence and cultivate relationships with diverse stakeholders.

This role is responsible for overseeing the security posture of all their assigned business/technology area’s applications by ensuring secure coding best practices are defined, understood, and embedded from the start and that all associated development processes have requirements validated via appropriate security evaluations and testing. Other responsibilities will span from monitoring and managing application code vulnerabilities (e.g., penetration testing, code scanning, etc.), patch/configuration vulnerabilities and code quality etc., to identifying areas of opportunity, and defining and driving improvement plans, going as far as contributing to carrying out code updates and promoting focused security releases.

Responsibilities include:

  • Serve as a trusted advisor to solution architects, developers, technical risk analysts and others on information security principles, standards, and best practices. Understand the ins and outs of their assigned customers, gain familiarity with priorities and be an advocate for them.
  • Play a leading role in assessing system development practices from a cybersecurity perspective, helping to ensure the work being done by developers reduces the chances of vulnerabilities being introduced.
  • Continually review application security vulnerabilities to identify trends and to define ways to address them, such as recurring insecure coding practices etc.
  • Oversee and help drive the design and implementation of application security controls in support of compliance requirements using secure design and development methodologies.
  • Support the Secure Systems Development Lifecycle (SSDLC), including functional and non-functional cybersecurity requirements.
  • Work closely with the internal cybersecurity teams who provide application security testing services (IAST/SAST/DAST) and Application Architecture best practices to ensure aligned work/initiatives are appropriately communicated to their assigned customers.
  • Strive for process improvement and automation; help development and operations teams build automation for repeatable cyber-related vulnerability management activities.
  • Maintain awareness of evolving security threats and inform development, business, and risk stakeholders.
  • Provide application-specific security subject matter expertise to their assigned customers.
  • Evaluate the likelihood and impact of application vulnerabilities; develop and drive mitigation approaches.
  • Lead, coach, and mentor project teams to incorporate security into enterprise and client-facing applications.

Job Description - Qualifications

We value a diverse range of skills and experiences. While proficiency in all listed qualifications is strongly desired, we encourage candidates who may not meet every criterion to still apply, as we believe in the potential for unique perspectives and talents to contribute to our team.

  • In-depth secure coding experience of main programming languages such as .NET, Java, Python
  • Knowledge of application security testing tools and techniques (SAST, DAST, IAST etc.) including secure code training products
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST
  • Maintains awareness of application security vendor products and evolving technologies
  • Experience evaluating the likelihood and impact of application vulnerabilities.
  • Experience with Visual Studio Team Services (VSTS), Fortify, Veracode and other security testing tools preferred, including penetration testing.
  • Experience developing and communicating security best practices and roadmap.
  • Experience with Agile practices, SCRUM, Microsoft SDL, and STRIDE.
  • Familiarity with SOC 2 principles; specifically in application security preferred.
  • Solid capabilities across multiple security domains such as identity and access management (IAM), public-key encryption, API management, security information and event management (SIEM), incident response, threat & vulnerability management
  • Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32, Cloud Control Matrix (CCM) desired
  • Ability to create technical solution documentation quickly and succinctly.
  • Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.).
  • Excellent communication, listening and facilitation skills
  • Problem-solving, organizational, and critical-thinking skills

Education & Experience: 

    • 7+ years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client-service experience in the field.
    • Minimum 3 years of experience in software development, security architecture, and/or application security.
    • Minimum 2 years of leadership / team management experience.
    • Demonstrated experience driving strategy with cross-functional executive level stakeholders.
    • Demonstrated ability to drive organizational change and work with multiple business units of a large organization to effect change.
    • Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tact.
Location: Hyderabad
Timings: 2 PM to 11 PM

How you’ll grow

At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives.  Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities.  We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.  Learn more about Deloitte’s impact on the world.


Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients’ most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose

Deloitte’s purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments. Learn more about Deloitte's purpose, commitments, and impact.
Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Requisition code: 181452