Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting edge products and services that deliver outstanding value and that are global in vision and scope?
Work with premier thought leaders in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?
Want to make an impact that matters? Consider Deloitte Global.
We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients.
If this opportunity is of interest to you with some flexibility, please do discuss with us.
Develop risk mitigating strategies of assigned items.
Identify areas for improvement including systems integration, new technology, and automation; and work with colleagues to design and implement solutions.
Monitor security blogs, articles, and reports and remain current on related laws, regulations, and industry standards to keep up-to-date on the latest security risks, threats, and technology trends, where relevant notify leadership to incorporate information into processes, procedures, and audit preparedness activities.
Assist with the operational management of the vulnerability management tool, configuring, operating, reporting and managing findings and providing support to other users of the system.
Identify task owners and negotiate dates for remediation to be complete; track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting.
Identify non compliances to global standards, work with GTI and GDAS colleagues to remediate and implement treatment plans.
Implement the requirements of Continual Service Improvement.
Monitor ServiceNow queues and ensure requests are handled within specified SLEs.
Review change requests and provide cyber security related feedback.
Provide Cybersecurity SME support to GTS colleagues for issues relating to vulnerability management, compliance to security controls, Active Directory policy, privileged access, incidents and change management.
Create, develop and maintain strong relationships across GTS, understanding system administrator, developer and end user requirements.
Form a strong relationship with the Security Shared Service teams to assist in the remediation of globally identified vulnerabilities and management of security within GTS managed environments.
Your work, your choice
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients.
Please speak to your recruiter about the working pattern that works best for you.
Location : London based role
Work pattern : This is a permanent contract opportunity. The role can be worked on a full-time basis.
Your professional experience
Bachelor’s degree in business administration, a technology-related field, or equivalent education-related experience
Experience in engineering and operations in an information security context
Proven track record and experience of developing and supporting security requirements across a broad spectrum of infrastructure and end user computing technologies
Expert knowledge of key cybersecurity technologies such as network security tools (firewalls, intrusion detection system (IDS) / intrusion protection system (IPS), content filtering, network access control (NAC), end-point protection (AV, EDR, MDM), data loss prevention, encryption, vulnerability management, and security information and event management (SIEM)
Strong knowledge and understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry / Data Security
Knowledge of common information security management frameworks, such as ISO / IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
Advanced competency in Microsoft Office technologies
Exceptional written and verbal English language communication skills
Excellent interpersonal and collaborative skills, with ability to communicate technical information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
Ability to multi-task, prioritize work and work independently
Process-oriented mind set
Member of IISP or have the qualification, skills and experience to become a member
A demonstrable passion for the field of Information Security
Ability to travel as needed (no more than 10%)
Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials