Are you attracted to the opportunity to build and lead a world class, innovative Red Team function to meet today and tomorrow's cybersecurity needs, challenging a complex, dynamic, global organization with a network of member firms to improve its security effectiveness? Deloitte Global is seeking a creative, energetic person who is an expert and a pioneer in the development of offensive security approaches and a seasoned and effective manager of teams to build a Global Red Team under the umbrella of our multi-year Cyber Acceleration program.
Work you'll do:
Our global network of member firms is strongly committed to securing our data and systems. To continuously deliver on this commitment, we have embarked on a multi-year Cyber Acceleration program, a five-point initiative comprising of 40 global projects. Taken together, these projects will further strengthen our global risk posture and lead to measurable risk reduction.
In this role, you will work across Deloitte Global and the member firms across the Deloitte network to meet that commitment. You will develop a formalized Red Team structure which will reside within the construct of the Penetration Testing service, assuming an adversarial role in a variety of capacities. The Red Team Leader has day-to-day oversight of the globally distributed Red Team, and is primary POC for operational requests and issues within the Deloitte network of member firms. The Red Team will deliver an auditable evaluation process, assessing the effectiveness of and making recommendations for the controls required for digital assets to meet the Deloitte network's risk appetite.
What you'll be part ofour Deloitte Global culture
At Deloitte, we expect results. Incredibletangibleresults. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit inwith an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand outwith opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.
Deloitte Global supports our talented professionals in answering the question: What impact will you make?
Who you'll work with:
The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center.
As part of the Global Cybersecurity team, the Global Red Team Leader will have organizational, project, leadership and operational responsibilities that include, but are not limited to, the following:
Broad responsibilities will be to work with Deloitte network member firms globally to determine criticality, priority and timing of Red Team testing
Oversee testing of member firm services to identify vulnerabilities and attack vectors
Day-to-day management of Red Team testing providers/vendors
Ongoing liaising with member firm stakeholders to provide:
Communications on how to effectively engage red team services and what capabilities are available
Provide consultative guidance on remediation's and paths for effectively addressing identified vulnerabilities
Plan, scope and oversee Red Team engagements for both strategic and targeted testing for member firms
Coordinate additional security services requested by member firms, including ad-hoc requests to test the security of software, configurations, implementations and/or any other services offered under the Deloitte Global security strategy
Escalation of issues experienced to the Service Leader
Compile relevant security metrics and deliver them to the penetration testing Service Leader
Daily activities will consist of:
Service management of ongoing and future Red Team operations
Managing operational processes of the Red Team's services to member firms
Resolving Deloitte member firm inquiries or support escalations to the Global Information Security Officer Penetration Testing Service Lead
Recommending solution improvements/enhancements (e.g. technology, processes and governance)
Regional vendor management and ongoing coordination of Red Team activities
How you'll grow:
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.
Benefits you'll receive:
Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.
To be considered for this role, there are certain qualifications you'll have to have. And others that would be really, really nice.
Bachelor's and/or Master's Degree in business administration, commerce, computer science, engineering or related field or significant relevant industry experience
A minimum of 10 years of experience, including people and process management experience
Thought-leader level knowledge with, and a proven record of success directing efforts in Red Team requirements, techniques, and activities
A proven record of success in establishing strategic direction for a Cyber Red Team and leading teams to execute against that strategy
Experience with secure coding best practices, application and network attack vectors and vulnerabilities
Success with building and maintaining relationships across a network to effectively deliver Cyber Red Team activities
Strong understanding and experience with solution design, architecture, deployment and management in a large, preferably global, enterprise
Extensive stakeholder management experience. Ability to work with multiple internal stakeholders and external vendors will be critical keys to success
Exposure to and experience with cyber security industry standards and trends
Knowledge of the following:
ISO 27000 series such as 27001, 27002, 27032, 27035
NIST SP 800 series
OWASP Top Ten
SANS Institute - CIS Critical Security Controls
Standard of Good Practice for Information Security
Security architectures and designs (e.g. SIEM, IDS/IPS)
Security operations center (SOC) functions and activities
Incident management and response
Demonstrated experience working with diverse stakeholders, preferably on a global, multi-national basis
Ability to manage concurrent initiatives and use effective judgment in prioritization and time management
Strong written and verbal communication skills
Proven ability to communicate with and present materials to senior audiences
Ability to translate technical requirements and challenges to leadership
Creative, self-motivated, highly energetic and results oriented
Excellent analytical/problem solving ability
Strong influence, negotiation and relationship management skills
Proficiency with Microsoft Office tools, especially collaboration tools
Although not required, possessing any of the following will be an asset:
Cyber security related certifications/designations, such as:
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
GIAC Security Certification (GSEC, GCIH, GPEN)
Offensive Security certifications such as OSCE or OSCP
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com
Requisition code: DE19EMAGTS006MB0590
Deloitte & Touche L.L.P.