Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
Data Protection Security Architect
Location: Hermitage/Nashville, TN, Rosslyn, VA or can consider other locations in the US (Remote/Virtual)
Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte's Information Technology Services (ITS). We are curious and life-long learners focused on technology and innovation.
Work you'll do
We are seeking an experienced Data Security Architect to join the US Cybersecurity Data Protection Team. This is a Senior Cyber Security Role that is highly strategic, requires prior hands on technical cyber security engineering experience and will have the responsibility to provide data security direction and guidance for all US data protection initiatives. This person will play a key role in ensuring consistent implementation of data security controls and design principles within Deloitte US Member Firm, and to help understand where our data resides, and how to protect it. The role requires cyber security and data security industry knowledge, leadership and collaboration skills to work with Senior Managers, Technical Delivery Managers, Business Information Security Officers, Program Management Office, Data Owners, Data Custodians, IT Infrastructure Teams, Confidential and Privacy Champions, Office of Confidentiality and Privacy Leadership etc. in a cross functional environment. The successful candidate will report directly to the US Data Protection Senior Manager, and their role will be to act as a Senior Security Architect/Engineer, primarily focused on areas of data protection, data access governance, data classification, data loss prevention and data encryption.
As part of the US Data Protection team, this professional will have the following core responsibilities:
Act as a subject matter expert in the areas of data loss prevention, data access governance, cloud data loss prevention, cloud access security broker, data classification, data encryption and other data protection related technologies.
Drive the implementation of appropriate controls around the use, storage, management and distribution of unstructured data within Deloitte US member firm.
Support the Data Classification and Rights Management Service Owner in adoption, growth and roll out of the service within Deloitte US Member Firm.
Review technology designs with analysts, focusing on data protection principles and technologies, taking local, regional and US regulatory requirements into account (e.g. SOX, HIPAA, PCI etc.).
Work with Office of Confidentiality and Privacy, Business Information Security Office, Deloitte Business Leaders and Enabling Areas on practical implementation of data protection policies and controls across Deloitte US Member Firm.
Communicate and serve as a Technical Subject Matter Expert overseeing the implementation of data security solutions required to meet business objectives.
Lead the technical configuration, implementation, administration and management of multiple data protection cyber security products and solutions.
Perform vendor evaluations and proof of concepts for service improvements, in-flight projects and emerging technologies.
Investigate, design & architect cyber data protection controls as they are identified.
Develop and maintain an in-depth understanding of Deloitte's business processes, core systems, technologies, data, client engagement teams and customers.
Closely collaborate with Global Cybersecurity Data Protection Team to help develop US Data Security technical roadmap.
Assist with the implementation and translation of data security policies.
Establish effective working relationships across various line of business and US member firm security & IT leaders to understand their business requirements to help execute their business strategy.
Be up to date on industry trends around cyber risk and data protection practices.
Information Technology Services (ITS) helps power Deloitte's success. ITS drives Deloitte, which serves many of the world's largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~2,500 professionals in ITS deliver services including:
Security, risk & compliance
The US Cyber Security team within ITS is responsible for vigilantly protecting Deloitte and client data. The team is responsible for a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand. Areas of focus include: Cyber Design, Risk & Compliance, Technology Risk Management, Identity & Access Management, Data Protection, Incident Response and Architecture.
The Deloitte US Cybersecurity Data Protection Team is responsible for securing and protecting confidential data of Deloitte US Member Firm. The primary mission of the team is to implement and enhance the Cybersecurity controls to protect data for its 94,000+ US Employees and the clients they serve.
Bachelor's degree: degree in business administration, a technology-related field, or equivalent education-related experience preferred
Minimum 8 years of IT experience with 3 years in a Senior Security Architect type role.
Experience with a combination of the following technologies:
Data Loss Prevention (DLP) Technologies (i.e. Symantec DLP, RSA DLP, Office365 DLP)
Data Access Governance (DAG) Technologies (i.e. Veritas Data Insight, Varonis Datadvantage)
Cloud Access Security Broker Technologies (i.e. Symantec CloudSoc CASB, Netskope CASB)
Data Classification and Rights Management Technology (i.e. Azure Information Protection and Azure Rights Management)
Data Encryption, tokenization, masking and redaction technology solutions.
Experience implementing and designing security controls for Microsoft O365 technologies across including: Azure AD, Exchange Online, SharePoint Online, OneDrive for Business and Teams
Experience working in a matrix model and will be required to support and lead specific cybersecurity technical initiatives, as well as act as an advisor & subject matter expert in non-cybersecurity led initiatives and projects, across multiple organizational functions
Experience in a highly complex organization promoting business and/or cybersecurity strategies and working with individuals across different time zones and understanding cultural differences
Demonstrated experience in designing and implementing technology and process solutions to reduce the potential risk of data compromise.
Understanding of the entire ecosystem of data protection including well-rounded understanding of the information security domains and their inter-relations across that ecosystem including Public Key Infrastructure (PKI) and database activity monitoring.
Professional security certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+ etc.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
Ability to translate technical/security issues to business users
Strong relationship, team building and facilitation skills
Knowledge and experience of Information Security Risk and Security governance
Ability to travel as needed (but no more than 15-20%)
How you'll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.
As used in this posting, "Deloitte" means Deloitte Services LP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available. https://www2.deloitte.com/us/en/pages/careers/articles/ban-the-box-notices.html
Requisition code: E20NATSMGRLJ035-ITL5
Deloitte & Touche L.L.P.