Job Summary
Cyber Security BISO Team works with the Deloitte Function Specific Subsidiaries (FSS) & Chief Information Security Officer (CISO) organization directly supporting Deloitte’s Enabling Areas functions. The role involves close integration with various internal and external client-service leaders, technical and non-technical stakeholders to drive widespread cyber security program adoption.
The Business Information Security Officer (BISO) Analyst will work closely with the Application teams of various lines of businesses (LOB), including the Office of Chief Information Officer (OCIO). In this role, you will support a group/team to develop a deep understanding of the business to facilitate specialized information security risk-based discussions. This role requires a proactive individual with a keen eye for detail and a strong understanding of cybersecurity frameworks such as, ISO, NIST, CIS.
Key Responsibilities:
· Oversight & Alignment: Partner with Deloitte’s central Cyber Security organization to ensure consistent adoption of security frameworks, policies, and controls within business units and client teams.
· Security Strategy Development: Collaborate with business leaders to develop and implement information security strategies that align with business goals and regulatory requirements.
· Risk Management: Identify, assess, and prioritize information security risks within the enabling areas. Develop and implement risk mitigation strategies.
· Policy and Compliance: Ensure compliance with relevant information security policies, standards, and regulations (e.g., ISO 27001, NIST, SOC 2, HIPAA). Maintain ongoing audit readiness.
· Incident Response: Lead the response to security incidents within the enabling areas, including investigation, containment, and remediation efforts.
· Vulnerability Management: Monitor cyber threats relevant to the business domain. Support risk assessments, issue management, and incident response coordination.
· Stakeholder Engagement: Serve as the primary point of contact for information security matters within the enabling areas. Build strong relationships with business leaders and other stakeholders.
· Mitigation Projects: Lead or support projects involving third-party risk, vulnerability remediation, data protection, secure application development, and identity & access governance
· Security Architecture: Work with IT and business teams to design and implement secure systems and processes that support business operations.
· Continuous Improvement: Stay current with emerging security threats and trends. Recommend and implement improvements to the organization's security posture
Qualifications:
· Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
· Experience: Minimum of 4 years of experience in information security
· 2-4 years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
· 2-4 years of experience in vulnerability management, cybersecurity, or a related field.
· Experience with vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7).
· Experience with GRC platforms (e.g., ServiceNow, Archer, or similar).
· Certifications: Relevant certifications such as CISSP, CISM, CISA, or equivalent.
· Technical Skills: Strong understanding of information security principles, technologies, and best practices. Experience with risk management, incident response, and security architecture.
· Business Acumen: Ability to understand business operations and align security strategies with business objectives.
· Communication: Excellent verbal and written communication skills. Ability to effectively communicate complex security concepts to non-technical stakeholders.
· Leadership: Proven ability to lead cross-functional teams and manage multiple projects simultaneously.
· Soft Skills:
· Excellent analytical and problem-solving skills.
· Strong communication skills, both written and verbal.
· Ability to work independently and as part of a team.
· Detail-oriented with a strong focus on accuracy and quality.
· Ability to work in a fast-paced environment and manage multiple tasks simultaneously.
This role is ideal for a motivated individual who is passionate about cybersecurity and eager to contribute to the organization's security posture. If you have a strong background in vulnerability management and a commitment to continuous improvement, we encourage you to apply.
The team
Information Technology Services (ITS) helps power Deloitte’s success. ITS is the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~2,200 professionals in ITS deliver services internally including:
- Cyber security
- Technology support
- Technology & Infrastructure
- Application development and management
- Relationship management group
- Strategy
- Deployment
- PMO
- Financials
- Communications
For more information on ITS, you can visit our dedicated recruitment page at https://usrecruiting.deloitte.com/-its-recruiting-for-experienced-hires.
Cyber Security
The Cyber Security team is responsible for vigilantly protecting Deloitte and client data. The team is responsible for a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of focus include:
- Cyber design
- Risk & Compliance
- Technology Risk Management
- Identity & Access Management
- Data Protection
- Incident Response and Architecture