Deloitte US

Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte Technology-US (DT-US). We are curious and life-long learners focused on technology and innovation.

Recruiting for this role ends on 4/25/2026.

Work you’ll do

The Government & Public Services (GPS) Business Information Security Officer (BISO) is a director level role reporting into the Deloitte Technology-US BISO Leader within the Chief Information Security Officer (CISO) organization, with a matrixed relationship to the GPS Chief Information Officer (CIO). The GPS BISO is accountable for defining and executing the cybersecurity strategy, governance, compliance, and risk management framework for an $8B Government & Public Services business.

As a key member of the DT-US Cyber Security Management Leadership Team, the GPS BISO serves as a trusted advisor to executive stakeholders, ensuring that cyber security enables business growth, protects critical assets, and meets the complex regulatory requirements of U.S. federal, state, and defense environments.

Key Responsibilities

• Define and execute the GPS cybersecurity strategy aligned to business objectives, regulatory requirements, and enterprise risk appetite.
• Serve as a trusted advisor to executive leadership, clients, and government stakeholders on cyber risk, resilience, and emerging threats.
• Lead compliance with federal and state frameworks (e.g., FedRAMP, DoD SRG, CMMC) and oversee ATO lifecycle management and continuous monitoring.
• Own the enterprise cyber risk posture, including risk identification, prioritization, mitigation, and reporting through metrics and KPIs.
• Establish and lead cyber governance, including policies, standards, and risk-based decision frameworks.
• Provide executive leadership of security operations, including SOC and incident response operations, with integrations with the global cyber security capabilities.
• Drive adoption of modern cyber capabilities, including AI, automation, and secure software development (SSDLC).
• Engage with federal clients and support proposal, capture, and delivery efforts to embed cyber security into business growth and contractual outcomes.
• Manage the cyber security budget and investment portfolio, ensuring alignment to risk reduction, regulatory compliance, and business priorities.
• Oversee third-party and supply chain cyber risk management aligned to federal requirements.
• Lead a high-performing cybersecurity organization while fostering a strong security-first culture across teams.

Deloitte Technology-US

Deloitte Technology-US helps power Deloitte’s success. Deloitte Technology-US drives Deloitte, which serves many of the world’s largest, most respected organizations. DT-US develops and deploys cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.

The ~3,000 professionals in DT-US deliver services including:

• Cyber Security
• Technology Support
• Technology & Infrastructure
• Applications
• Relationship Management
• Strategy & Communications
• Project Management
• Strategic Financial Management

DT-US Cyber Security

DT-US Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, with integration into the global cyber security capabilities that to protect the Deloitte brand.

Areas of focus include:

• Risk & Compliance
• Identity & Access Management
• Data Protection
• Cyber Design
• Incident Response
• Security Architecture
• Business Partnership

Required Qualifications:

• Bachelor’s degree or equivalent in Computer Science, Computer Engineering, Business Administration.
• Minimum 12 years of experience in cybersecurity, information risk management, or technology risk, including leadership roles within large-scale, highly regulated environments (e.g., federal, defense, or regulated commercial sectors).
• Proven experience leading cybersecurity programs in cloud and regulated environments, including FedRAMP High, DoD Impact Levels (IL), and CMMC.
• Deep knowledge of federal security frameworks and compliance programs, including:
  • NIST RMF (800-53), NIST 800-171, NIST 800-218 (SSDF)
  • FISMA, FedRAMP, DoD SRG, CMMC
  • Zero Trust architecture and federal mandates
• Minimum 5 years as people leader, including leading large, matrixed teams (e.g., 10+ direct reports and 50+ indirect reports or equivalent scope).
• Must be eligible for TS/SCI.
• Ability to travel 0-10%, on average, based on the work you do and the clients and industries/sectors you serve
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Preferred Qualifications:

• The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, and knowledgeable about cybersecurity.
• Advanced degree (master’s or higher) in Information Security, Computer Science, Information Systems, or a related field preferred.
• Demonstrated experience defining and executing enterprise cyber security strategies aligned to business objectives, regulatory requirements, and risk appetite.
• Experience overseeing ATO lifecycle management, including continuous monitoring and regulatory/audit engagements.
• Demonstrated ability to lead secure software development lifecycle (SSDLC) and application security programs at scale.
• Demonstrated experience with driving automation to enable growth and scaling with maintaining budget and manning levels, while adopting to increasingly demanding technology.
• Experience driving enterprise-wide cybersecurity transformation and organizational change, including influencing senior stakeholders in matrixed environments.
• Industry certifications such as CISSP, CISM, CISA, GIAC, or equivalent experience strongly preferred.

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.  At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.  A reasonable estimate of the current range is $97,600-$200,600.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Information for applicants with a need for accommodation:
https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html

EA_ExpHire
RITM10303065