Cyber Technology Risk Senior Manager

Risk Management and Governance | Cyber Risk

Dallas, Texas, United States

Position Summary

Deloitte’s Risk & Financial Advisory Services help our clients to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our services help organizations to address, in a timely manner, pervasive issues, such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise.

Job Summary

We are seeking an experienced professional to join our team, who will have extensive experience in Cyber Strategy Technology Risk, Analytics, Quantification and Solution Management. This role involves supporting our client teams in defining and executing their Cyber Tech Risk program’s strategy, operations, and supporting technology solutioning, deployment, and its continued operations. The candidate with construct and assess detailed security programs translating business needs and regulatory requirements into cost-effective risk-management strategy and operating model. The candidate will also act as a solution architect internally for cyber metrics, analytics, risk quantification and drive the definition, design, and deployment of solutions and services to advance Deloitte Cyber's Technology Risk offering within Cyber Strategy.

Key Responsibilities

  • Define and Execute Program Strategies: Develop comprehensive strategies for risk and compliance management, including governance models, organizational structures, policies, standards, communication plans, and training initiatives.
  • Define and Implement Frameworks: Create and enhance enterprise risk management frameworks based on industry standards such as NIST, ISO 27001,COBIT, PCI-DSS, , GDPR, SSAE 18 SOC, NY DFS and HIPAA, utilizing various GRC technologies.
  • Lead Cyber Strategy Tech Risk Analytics Solutions: Oversee the development of Deloitte’s Cyber Strategy Tech Risk Analytics, Quantification and Management reporting solutions, ensuring alignment with industry best practices, leading technologies, and evolving client needs related to risk and threats.
  • Evaluate and Implement Platforms: Assess, build and deploy various technology risk management analytics platforms (e.g., Cyber Metrics , Analytics and Quantification, ServiceNow, GRC Archer, etc.) and associated modules integration, including GRC, SecOps, ITSM, SIEM, ITAM, CMDB, , and automation workflows.
  • Drive Continuous Improvement: Utilize industry-leading practices and technology-based tools or methodologies to enhance the monitoring, delivery, and reliability of Deloitte Cyber’s services provided to clients.
  • Serve as a Trusted Advisor: Advise executive leaders on risk and compliance management, offering insights and recommendations. Collaborate with them to resolve business problems by translating functional requirements into technical solutions.
  • Lead Practice Development: Develop go-to-market methodologies and solutions to address clients’ Cyber risk and compliance challenges.
  • Offer Thought Leadership: Provide guidance on industry leading practices for development, while participating in the evaluation of new requirements.
  • Manage and Mentor Teams: Lead and mentor a global team, ensuring the effective delivery of technology risk management services and capabilities.

The team

Deloitte Advisory’s Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. With deep experience across a broad range of industries, Deloitte Advisory’s Cyber Risk professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to transform legacy programs into proactive Secure, Vigilant, Resilient, TM cyber risk programs. By joining our team, you’ll be part of developing the future state of cyber risk solutions

Individuals who take deep personal accountability for their work, have a passion for excellence, driven to achieve their full potential and understand the value of building relationships with clients and the industry, are encouraged to realize our requirement for a Cyber Strategy Tech Risk & Management professional. The desired professional is expected to have an in-depth understanding of leading Cyber Strategy Tech Risk practices and have demonstrated experience in the design and implementation of associated solutions and modules. Understanding of risk and compliance pain points and how they can be addressed effectively through a scalable and modular technology is key to success in this role.

The successful candidate will possess:

  • Proven track record of building and managing cyber technology risk programs.
  • Strong leadership and team management skills.
  • Excellent communication and advisory skills.
  • Ability to drive sales and revenue growth through strategic client engagements.
  • Excellent documentation and presentation, verbal and written communication skills and ability to work with teams across geographical locations
  • Demonstrated flexibility in prioritizing and completing tasks; and working collaboratively with the client to identify and solve key constraints, risks and issues.
  • Demonstrated problem solving, critical thinking and logical structuring skills.

Qualifications

Required:

  • 8+ years of hands-on experience on cyber strategy, risk modelling, analytics & reporting, compliance and gap analysis against major frameworks – NIST, COBIT, ISO 27001, SOC, SOX, PCI, GDPR, technology risk solution designs and architect, data integration strategies, including but not limited to risk modelling, quantification, and automation workflows.
  • 5+ years of in-depth experience in performing cyber risk assessments, vulnerability assessments and threat analysis to assess risk and recommend remediation industry leading strategy to monitor and mitigate risk
  • 5+ years of experience of engagement planning, economics, and billing and manage proposal development efforts. Serve as a subject matter expert with respect to market trends and competitor activities. Evaluate, counsel, mentor and provide feedback on performance of team members directly or indirectly reporting to the candidate. Play substantive/lead role in retention of professionals and in building staff complement, mix, and recruiting.
  • Engineering degree.
  • Security certifications (CISSP, CISA, CISM etc.)
  • Limited immigration sponsorship may be available
  • Ability to travel up to 75%, on average, based on the work you do and the clients and industries/sectors you serve.

Preferred 

  • Experience on ServiceNow Security, GRC modules, SIEM, Vulnerability Scanning tools would be preferred.
  • Experience in defining, data management requirements, integration strategies, BI tools such as Power BI, Tableau
  • Creates business and technical design specifications for implementation of the Cyber Risk Analytics Platform
  • Reviews proposed design with all customer and internal stakeholders, and leads all technical design meetings
  • Identifying and reviewing various preventive, detective, and corrective security controls techniques, processes, and operational procedures

Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.
Our purpose

Deloitte’s purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments. Learn more about Deloitte's purpose, commitments, and impact.
Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Requisition code: 204987

SCAM ALERT

Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte US (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:

  • At Deloitte, ethics and integrity are fundamental and not negotiable.
  • We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
  • We have not authorized any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
  • We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
  • No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange for promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorized or fraudulent actions or engagements. We encourage jobseekers to exercise caution.