Manager, Info Security, Risk & Governance

Administrative & Support Services

Atlanta, Georgia, United States

Position Summary

Deloitte Touche Tohmatsu Services, LLC seeks a Manager, Info Security, Risk & Governance in Atlanta, Georgia.

Work You’ll Do

Provide direction to related governance functions (Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) on information security matters including routine info technology security activities, emerging security risks and control technologies. Lead complex assignments or aspects of highly complex info security assignments. Manage the process of identifying and assessing info security risks affecting the business. Monitor, evaluate, and challenge the firm’s direction in managing risk to determine best approach to risk mitigation. Evaluate ongoing projects and engagements to determine risks; and recommend strategies to manage against identified risks. Propose approaches and solutions for improvements to processes and/or develop new approaches or deliverables. Identify and determine best practices within area of focus. Support business development activities, such as input for proposal development in relation to info security practices and controls. Oversee security assessment processes, including vendor assessments, to identify potential areas that could introduce risks to member firms. Work with project teams, Office of General Counsel, Strategic Procurement Services, and vendor representatives to determine and track courses of actions for remediation of findings. Lead preparation of and authorize implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with Security Committee. Lead design, implementation, operation and maintenance of info security applications and tools based upon established security architecture. Lead design and operation of related compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws and regulations. Provide project oversight and leadership for assigned security function. Management and leadership of staff within one of the Information Security functions. Utilize experience with Information Security and Cybersecurity with a focus on governance, risk and compliance (GRC); managing implementation/administration of GRC solutions/use cases such as Policy and Compliance Management, Risk Management, Third Party Risk Management on ServiceNow or RSA Archer platform; leading the requirements definition/documentation, design of prototype/mockup, data model, architecture, process flows, development/configuration, testing and deployment of solutions in GRC platform; cyber security controls mapped from various regulations, industry standards such as ISO 27001,NIST, HIPPA, PCI-DSS, SOX, or GLBA, and internal organizational policies; managing implementation/administration of SecOps (Security Operations) solutions/use cases such as Security Incident Response, Vulnerability Response, Threat Intelligence on ServiceNow, or RSA Archer platform.

#LI-DNI

Requirements

Position requires a Bachelor’s degree, or foreign equivalent degree, in Information Technology, Engineering or related field and five (5) years of experience in related occupation.

Must have included five (5) years of experience in the following special skills:

Information Security and Cybersecurity with a focus on governance, risk and compliance (GRC)
Managing implementation/administration of GRC solutions/use cases such as Policy and Compliance Management, Risk Management, Third Party Risk Management on ServiceNow or RSA Archer platform
Leading the requirements definition/documentation, design of prototype/mockup, data model, architecture, process flows, development/configuration, testing and deployment of solutions in GRC platform
Cyber security controls mapped from various regulations, industry standards such as ISO 27001,NIST, HIPPA, PCI-DSS, SOX, or GLBA, and internal organizational policies
Managing implementation/administration of SecOps (Security Operations) solutions/use cases such as Security Incident Response, Vulnerability Response, Threat Intelligence on ServiceNow, or RSA Archer platform

EOE

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.

Our purpose

Deloitte’s purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments. Learn more about Deloitte's purpose, commitments, and impact.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available.

Requisition code: 137361

Accolades

Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte US (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:

At Deloitte, ethics and integrity are fundamental and not negotiable.
We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
We have not authorized any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange for promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorized or fraudulent actions or engagements. We encourage jobseekers to exercise caution.