Cyber Security Biso Analyst

Deloitte Williamsville, NY 14221

Posted 2 weeks ago

Position Summary

Location: Anywhere in US

Job Summary

The Cyber BISO Security Analyst role works in the Deloitte Function Specific Subsidiaries (FSS) Chief Information Security Officer (CISO) organization, directly supporting Deloitte's Risk & Financial Advisory (RFA) FSS businesses. The role involves close integration with various FSS client-service leaders and technical and non-technical stakeholders to drive widespread cyber security program adoption. The position will drive the execution and enhancement of cyber security throughout information systems solutions in both on-premise and cloud-hosted environments.

This fast-paced multi-faceted environment requires a highly motivated, self-driven, strong team player who demonstrates an intrinsic desire for continuous personal and professional growth.

The role is responsible for elevating the overall security posture of FSS-owned applications by supporting and applying security through industry best practices in software design, architecture, and compliance. Additionally, the role is accountable for ensuring compliance through industry-accepted frameworks such as SOC2, NIST, HITRUST, etc. The role is responsible for providing cyber security expertise and risk mitigation approaches between technical and non-technical domains.

The primary cyber focus areas include Cloud Security, Logging & Monitoring, Identity and Access Management (IAM), Application Vulnerability Management, Data Protection and the implementation of security requirements, design specifications, and compliance controls.

Responsibilities

  • Support security architecture and guiding principles and apply to information technology initiatives

  • Deliver technical guidance related to enhancing the security posture of information systems solutions

  • Participate in the security governance model, establishing policies, standards, and best practices

  • Contribute to addressing changes in the external threat landscape that have an impact on the use of on-premise and cloud computing technologies

  • Assist with the design and implementation of security architecture controls to meet compliance requirements

  • Minimum 25% travel up to 50% travel

The team

Information Technology Services (ITS) helps power Deloitte's success. ITS is the engine that helps to drive Deloitte, which serves many of the world's largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.

The ~2,200 professionals in ITS deliver services internally including:

  • Cyber security

  • Technology support

  • Technology & Infrastructure

  • Application development and management

  • Relationship management group

  • Strategy

  • Deployment

  • PMO

  • Financials

  • Communications

Cyber Security

The Cyber Security team is responsible for vigilantly protecting Deloitte and client data. The team is responsible for a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.

Areas of focus include:

  • Cyber design

  • Risk & Compliance

  • Technology Risk Management

  • Identity & Access Management

  • Data Protection

  • Incident Response and Architecture

Qualifications

  • Bachelor's Degree or equivalent experience in Information Security, Computer Science, or Information Systems

  • 2+ years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client-service experience in the field.

  • Professional information security certifications preferred

Other Specific Skills or Knowledge

  • Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and capable of communicating recommendations

  • Strong working experience in multiple (two or more) cyber security disciplines such as (but not limited to) Identity and Access Management (IAM), Data Protection/Encryption, Security Information and Event Management (SIEM), Logging and Monitoring, Data Loss Prevention (DLP) or Cloud Security

  • Experience supporting cyber strategy with cross-functional executive level stakeholders

  • Demonstrated ability to support organizational change and work with multiple business units

  • Knowledge and experience across multiple information protection and security domains

  • Knowledge of IT asset management and/or configuration information database (CMDB)

  • Broad knowledge and experience across IT infrastructure with security frameworks and standards such as ISO 27001, NIST, PCI, and other relevant security-related regulations

  • Understanding of and ability to effectively apply trends and developments in global security and risk management

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.

Professional development

From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

As used in this posting, "Deloitte" means Deloitte Services LP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available.

Requisition code: 37628
