Digital Controls Cloud Security Risk Senior Consultant

Cloud | Accounting & Internal Controls
Same job available in 20 locations

Arlington, Virginia, United States

Atlanta, Georgia, United States

Baltimore, Maryland, United States

Boca Raton, Florida, United States

Boston, Massachusetts, United States

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Costa Mesa, California, United States

Dallas, Texas, United States

Detroit, Michigan, United States

Houston, Texas, United States

Jersey City, New Jersey, United States

Los Angeles, California, United States

Miami, Florida, United States

New York, New York, United States

Philadelphia, Pennsylvania, United States

San Jose, California, United States

Stamford, Connecticut, United States

Position Summary

Digital Controls - Cloud Security Risk

Do you thrive in times of disruption? Have a passion for turning challenges and opportunities into long-term competitive advantages? As a Senior Consultant in Deloitte Risk & Financial Advisory, you’ll have the opportunity to gain valuable hands-on experience working alongside leading professionals across diverse industries while building your professional skills in a variety of project experiences. Our Deloitte Risk & Financial Advisory practice helps organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading team’s help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries.

The Team:

Deloitte Risk & Financial Advisory helps organizations navigate a variety of risks to lead in the marketplace and disrupt through innovation. The insights of our professionals, combined with our specialized products and services, help clients learn how to embrace complexity and leverage their position of strength to accelerate performance.

Learn more about Deloitte's Risk and Financial Advisory practice.

Job Duties:

Our professionals understand the dynamics of serving complex, global clients across multiple industries, and the importance of increasing transparency around business performance. We provide specialized cloud and internal control services for internal and external audit clients along with other services related to financial reporting. To further exploit opportunities and mitigate the risks presented by different markets, we also work with clients to navigate complexities, risks and opportunities presented by third-party relationships.

Application modernization and migration risk assessments

Cloud native applications and services risk and control assessments

Cloud services orchestration and automation

Cloud managed services

Risk and control assessments

Control design, implementation, operation, and evaluation

Cloud secure reference architectures design evaluation

Risk and control analysis of automated DevSecOps pipelines

Cloud security posture management assessments

Ideating and developing cloud risk and controls solutions to meet client needs

Regardless of project type, your work will require:

Proficiency in verbal and written communication skills essential to interacting with clients and teams

Ability to work independently and manage multiple projects/assignments/responsibilities in a fast-paced environment with minimal oversight

Strong problem solving and critical thinking skills

Ability to quickly research and collect data from unique places

Ability to synthesize data and convey information in a concise yet meaningful way

Strong understanding of Cloud and IaaS, PaaS, and SaaS services



BA/BS in Computer Science, Information Systems Administration or a related field

4+ years of related professional experience

2+ years’ experience in auditing Cloud (e.g.; AWS, Azure or GCP) from a technical risk and controls perspective

Associate or professional level certifications in any one of the following cloud service providers: AWS, Azure, or GCP

Any experience or curiosity in the following:

  • Infrastructure as a code to drive compliance
  • Experience in leverage native cloud service provider (AWS, Azure or GCP) API commands to extract data
  • CI/CD pipeline architecture
  • Tools supporting CI/CD pipelines such as GitHub, CircleCI, Jenkins, Ansible, Cloud Formation, Terraform, AzureDevOps, etc.

Any experience or curiosity in developing [CW1] automation and leveraging it to drive risk, security compliance, monitoring and remediation

Demonstrated ability to plan and manage engagements along with ensuring deliverables meet work plan specifications and deadlines.

Strong background in IT risk assessment and remediation

Experience identifying controls and making recommendations to bolster security and compliance posture

Expertise in designing and developing proof of concepts and executing test plans

Demonstrated ability to write technical reports and to participate in presentations with executive leadership

Ability to travel up to 50% on average, based on the work you do and the clients and industries/sectors you serve

Limited immigration sponsorship may be available


Prior Big 4 experience is a plus

Working knowledge of programming and scripting languages (e.g., Python, Node.js, PowerShell, JSON, YAML, etc.)

Experience working with Web service and APIs is strongly preferred

Knowledge of industry information security and cloud security frameworks such as NIST 800-53, ISO 27001, CSA CCM etc.

Understanding of data analytics tools such as Tableau, Alteryx, Snowflake is a plus

Experience with Sarbanes-Oxley is desirable

Master’s in accounting, Computer Science, Information Systems, or a related field is a plus


Team management experience is a plus

Understanding of cloud technologies like Containers, Kubernetes, serverless, microservices, IOT, AI, etc. is highly desirable

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Requisition code: 96161


Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte US (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:

  • At Deloitte, ethics and integrity are fundamental and not negotiable.
  • We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
  • We have not authorized any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
  • We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
  • No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange for promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorized or fraudulent actions or engagements. We encourage jobseekers to exercise caution.