Deloitte US

Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte Technology US (DT - US). We are curious and life-long learners focused on technology and innovation.

Work you’ll do

The Lead Analyst, Cyber Security Architect, role provides support to Government and Public Services (GPS) Business Information Security Officer (BISO) function for maintaining the appropriate cyber security posture for systems and applications supporting business operations and client delivery. This role will support the development of information technology solutions by leading and evaluating the security components of solution architectures with a focus on cloud.  This will include determining security requirements, design specifications, and compliance controls as well validating adherence to security policies, standards, and industry-accepted best practices. This role will be responsible for providing deep technical expertise regarding security risks and risk mitigation approaches.  Additionally, this role will assist in the creation a unified approach to security to support the rapid evolution and innovation needs of our information technology projects and cloud migration efforts.

Responsibilities:

• Develop security architecture and guiding principles to support information technology initiatives with a focus on cloud.
• Drive, influence and coordinate a secure approach to the development of solutions across the enterprise.
• Deliver deep technical guidance related to enhancing the security posture information technology solutions.
• Participate in the security governance model, establishing policies, standards, and best practices.
• Proactively address changes in the external threat landscape that have an impact on the use of on-premise and cloud computing technologies.
• Lead, coach, and mentor project teams to incorporate security into enterprise and client-facing applications.
• Assist with the integration of security into cloud services delivery standards.
• Oversee and drive the design and implementation of security architecture controls in support of compliance requirements.
• Develop and deliver communications to management and company-wide stakeholders.
• Plan for system and application migration(s) to the cloud, adhering to the client’s technical and business requirements.
• Review and understand technical design documentation for integration and implementation of new cloud applications and systems.
• Communicate effectively through strong written and oral communication skills for technical and non-technical audiences.
• Plan for system and application migration(s) to the cloud, adhering to the client’s technical and business requirements.
• Develop and document technical designs for integration and implementation of new cloud applications and systems.
• Integrate with non-cloud technologies and third-party vendor products/services.
• Support security architecture and guiding principles and apply to information technology initiatives.
• Deliver technical guidance related to enhancing the security posture of information systems solutions.
• Actively participate in the security governance model, establishing policies, standards, and best practices.
• Contribute to addressing changes in the external threat landscape that have an impact on the use of on-premise and cloud computing technologies.
• Assist the design and implementation of security architecture controls to meet compliance requirements.

The team

Deloitte Technology US (DT - US) helps power Deloitte’s success, which serves many of the world’s largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.

The ~3,000 professionals in DT - US deliver services including:

• Cyber Security
• Technology Support
• Technology & Infrastructure
• Applications
• Relationship Management
• Strategy & Communications
• Project Management
• Financials

Cyber Security

Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.

Areas of focus include:

• Risk & Compliance
• Identity & Access Management
• Data Protection
• Cyber Design
• Incident Response
• Security Architecture
• Business Partnership

Required Qualifications:

• Bachelor’s degree in Information Technology, Computer Science or equivalent educational or professional experience and/or qualifications
• Minimum 8 total years various technology related experience
• Minimum 5 years of enterprise information security architecture and information security system design.
• Minimum 2 years of experience including cybersecurity and/or risk management experience in organizations of a similar scale or client-service experience.

Preferred Qualifications:

• Experience integrating security into cloud solutions.
• Strong working experience in multiple (two or more) cyber security disciplines such as (but not limited to) Application Security, Cloud Security, Data Protection/Encryption, Logging and Monitoring, or Data Loss Prevention (DLP).
• Experience with Amazon Web Services (AWS) security and Azure or GCP.
• A background in general security practices such as identity and access management (IAM), encryption, and multi-factor authentication, security information and event management (SIEM), etc.
• Security certification in Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or Certified Information Security Manager (CISM).
• Security certification in either Google – Professional Cloud Architect; AWS – Solutions Architect – Professional; or Azure – MCSE: Cloud Platform and Infrastructure (Infrastructure Focus).
• Strong Knowledge of cyber security standards and frameworks such as ISO 17799/27001, FEDRAMP, NIST 800-53, NIST 800-218 or NIST 800-171.
• Demonstrated ability planning and developing support processes that adhere to Software or System Development Lifecycle best practices, with minimal supervision.
• Must be able to architect and create quality technical solution documentation with minimal supervision.
• Must have strong consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.).
• Must be able to lead the development of technical artifacts including Requirements Traceability Matrix (RTM), Detailed Technical Design, Security Architecture Plan, Services Description Document, etc., with minimal supervision.
• Must be able to deliver in a highly matrixed organization.
• Must be able to communicate effectively through strong written and oral communication skills for technical and non-technical audiences.
• Must have strong MS Excel, PowerPoint, and presentation skills.
• Must be able to interact effectively with professionals at all levels and capable of communicating recommendations and solutions.
• GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), or Certified Ethical Hack (CEH).
• Master’s degree or higher.
• Experience with servers, firewalls, and network Infrastructure.
• Possess any additional certifications (one or more) for the design/development of distributed solutions on a leading infrastructure platform such as:
  1. Google – Professional Cloud Architect
  2. AWS – Solutions Architect – Professional
  3. Azure – MCSE: Cloud Platform and Infrastructure (Infrastructure Focus)
  4. Google Cloud Platform Qualified Developer
  5. Microsoft Azure Solutions Architect
  6. IBM Certified Solution Architect – Cloud Computing Infrastructure
  7. Red Hat Certified Architect
• Experience developing cloud security vision, strategy, and roadmaps.
• Experience overseeing cloud infrastructure design and developing detailed architecture models for the client to host test, development, and production environments.
• Exceptional verbal and written communication skills.
• Experience supporting cyber strategy with cross-functional executive level stakeholders.
• Demonstrated ability supporting organizational change and working with multiple business units.
• Knowledge and experience across multiple information protection and security domains.
• Knowledge of IT asset management and/or configuration information database (CMDB).
• Broad knowledge and experience across IT infrastructure with security frameworks and standards such as ISO 27001, NIST, and other relevant security-related regulations.
• Deep understanding of with non-cloud technologies and third-party vendor products/services integration.
• Understanding of and ability to effectively apply trends and developments in global security and risk management.

 Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.  The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.  At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.  A reasonable estimate of the current range is$93,000 to $191,000. 

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation

EA_ExpHire