Position : Cyber Security BISO Analyst
Job Summary
Cyber Security BISO Team works with the Deloitte Function Specific Subsidiaries (FSS) & Chief Information Security Officer (CISO) organization directly supporting Consulting FSS businesses. The role involves close integration with various FSS client-service leaders, technical and non-technical stakeholders to drive widespread cyber security program adoption.
The Business Information Security Officer (BISO) Analyst will work closely with the Application teams of various lines of businesses (LOB), including the Office of Chief Information Officer (OCIO). In this role, you will support a group/team to develop a deep understanding of the business to facilitate specialized information security risk-based discussions. This role requires a proactive individual with a keen eye for detail and a strong understanding of cybersecurity frameworks such as, ISO, NIST, CIS.
Key Responsibilities:
- Contribute to the ongoing development, implementation, and maintenance of information security initiatives.
- Possess a strong background in application development and/or application security, with knowledge of the Software Development Life Cycle (SDLC) from design, testing, deployment to post-production, and the different risk elements associated with each step.
- Serve as an Information Security subject matter expert and liaison with Information Security teams.
- Collaborate with application teams on information security critical priorities.
- Support the triage process with the application teams and help them understand the Information Security support structure.
- Display subject matter experience in application security, vulnerability testing & system testing.
- Prioritize vulnerabilities based on risk and potential impact.
- Collaborate with IT and security teams to develop and implement remediation plans.
- Track and verify the remediation of identified vulnerabilities.
- Prepare detailed reports on vulnerability findings and remediation status.
- Communicate findings to relevant stakeholders, including IT, security, and management teams.
- Stay up to date with the latest vulnerability trends, tools, and best practices.
- Recommend and implement improvements to the vulnerability management process.
- Assist in the investigation and response to security incidents related to vulnerabilities.
- Provide expertise in vulnerability exploitation and mitigation techniques.
- Ensure compliance with relevant regulations, standards, and policies related to vulnerability management.
Qualifications:
- Education:
- Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
- Experience:
- 1-2 years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
- 2-4 years of experience in vulnerability management, cybersecurity, or a related field.
- Experience with vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7).
- Technical Skills:
- Strong understanding of common vulnerabilities and exposure (CVE) and common vulnerability scoring system (CVSS).
- Knowledge of network and system security principles.
- Familiarity with operating systems (Windows, Linux, Unix) and network protocols.
- Certifications:
- Relevant certifications such as CompTIA Security+, CISSP, CEH, GIAC, or similar are preferred.
- Soft Skills:
- Excellent analytical and problem-solving skills.
- Strong communication skills, both written and verbal.
- Ability to work independently and as part of a team.
- Detail-oriented with a strong focus on accuracy and quality.
· Ability to work in a fast-paced environment and manage multiple tasks simultaneously.
This role is ideal for a motivated individual who is passionate about cybersecurity and eager to contribute to the organization's security posture. If you have a strong background in vulnerability management and a commitment to continuous improvement, we encourage you to apply.
The team
Information Technology Services (ITS) helps power Deloitte’s success. ITS is the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~2,200 professionals in ITS deliver services internally including:
- Cyber security
- Technology support
- Technology & Infrastructure
- Application development and management
- Relationship management group
- Strategy
- Deployment
- PMO
- Financials
- Communications
For more information on ITS, you can visit our dedicated recruitment page at https://usrecruiting.deloitte.com/-its-recruiting-for-experienced-hires.
Cyber Security
The Cyber Security team is responsible for vigilantly protecting Deloitte and client data. The team is responsible for a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of focus include:
- Cyber design
- Risk & Compliance
- Technology Risk Management
- Identity & Access Management
- Data Protection
- Incident Response and Architecture