USI Cyber Security BISO Manager
Location: India
Job Summary
This Manager role operates in the Business Information Security Officer (BISO) function within the Cyber organization while directly supporting the Consulting Service line of business. The role involves close integration with various business leaders, technical and non-technical stakeholders to drive widespread cyber security program adoption. In this role, you will utilize a deep understanding of the business to facilitate specialized information security risk-based discussions. You will drive alignment with Deloitte policies, industry accepted standards, and security best practices.
This fast-paced multi-faceted environment requires a highly motivated, self-driven, strong team player who demonstrates an intrinsic desire for continuous personal and professional growth.
Key Responsibilities:
· Contribute to the ongoing development, implementation, and maintenance of information security initiatives.
· Manage vulnerability assessments, remediation tracking, and reporting for business-critical applications and platforms.
· Provide expert guidance on risk mitigation, security best practices, and emerging threats.
· Collaborate with IT and security teams to develop and implement remediation plans.
· Ensure compliance with relevant regulations, standards, and policies related to vulnerability management.
· Conduct hands-on security architecture reviews for new and existing systems, enforce adherence to cyber security standards, and manage exceptions as needed.
· Provide guidance on cloud security controls, guardrails, architecture, and risk management across all major cloud service providers (AWS, Azure, GCP, etc.).
· Identify solutions that balance business requirements and cyber security requirements.
Qualifications
· Bachelor’s degree in Computer Science/Engineering, Management Information Systems, Cyber Security, or a related field (Master’s preferred).
· 12+ years of relevant professional experience to include at least 6 years of progressive experience in cyber security with at least 3 years in a leadership or advisory role.
· Superior communication (written and verbal), problem solving, collaboration, interpersonal, and stakeholder management skills.
· Experience reviewing security architecture and experience evaluating secure cloud-based solutions in AWS, Azure, and/or GCP.
· Knowledge of application security, SSDLC, and vulnerability management including experience evaluating the likelihood and impact of application vulnerabilities.
· Knowledge of cyber security practices and technologies such as identity and access management (IAM), multi-factor authentication, encryption, IDS/IPS, firewalls, end-point protection (AV, EDR), DLP, CASB, vulnerability management, and security information and event management (SIEM).
· Knowledge of information security regulatory requirements such as General Data Protection Regulation (GDPR), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standards.
· Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework.
Certifications:
Relevant certifications such as CompTIA Security+, CISSP, CISM, CEH, GIAC, or similar are preferred.
The team
Information Technology Services (ITS) helps power Deloitte’s success. ITS is the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~2,200 professionals in ITS deliver services internally including:
Cyber Security
· Technology support
· Technology & Infrastructure
· Application development and management
· Relationship management group
· Strategy
· Deployment
· PMO
· Financials
· Communications
Areas of focus include:
· Cyber design
· Risk & Compliance
· Technology Risk Management
· Identity & Access Management
· Data Protection
· Incident Response and Architecture
For more information on ITS, you can visit our dedicated recruitment page at https://usrecruiting.deloitte.com/-its-recruiting-for-experienced-hires.
Cyber Security
The Cyber Security team is responsible for vigilantly protecting Deloitte and client data. The team is responsible for a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.