Business Information Security Assistant Manager at Deloitte

Connect to your opportunity

As an Assistant Manager within the Business Information Security area, you’ll work closely with both technical and non-technical stakeholders within an assigned line of business or technology enablement area providing the best possible support across a range of cybersecurity, risk, and risk mitigation disciplines. Along with having knowledge of industry-accepted best practices, the Assistant Manager is expected to ensure that all applications and systems aligned to their line of business adhere to internal cybersecurity policies, standards, escalating any non-compliance up to the associated Business Information Security Officer (BISO). Successful candidates should showcase the capability to effectively influence and cultivate robust relationships with diverse stakeholders.

Responsibilities Include:

• Understand the assigned global line of business, gain familiarity with priorities and become an advocate for the line of business within cybersecurity.
• Drive organizational change and work with multiple business units of a large organization to effect change.
• Oversee and help drive design and implementation of application security controls in support of compliance requirements using secure design and development methodologies.
• Support the Secure Systems Development Lifecycle (SSDLC), including functional and non-functional cybersecurity requirements.
• Strive for process improvement and automation; help development and operations team build automation for repeatable Cyber related vulnerability management activities.
• Maintain awareness of evolving application security threats and inform development, business, and risk stakeholders.
• Provide application-specific security subject matter expertise to assigned customers.
• Evaluate the likelihood and impact of application vulnerabilities; develop and drive mitigation approaches.
• Lead, coach, and mentor project teams to incorporate security into enterprise and client-facing applications.

Connect to your skills and professional experience

Required:

• Proven related experience, including cybersecurity and/or risk management or equivalent experience in organizations of a similar scale or client-service experience in the field.
• Demonstrated ability to drive organizational change and work with multiple business units of a large organization to effect change.
• Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tact.
• Experience with cloud security principles and functions.
• Solid capabilities across multiple security domains such as identity and access management (IAM), public key  encryption, security information and management (SIEM), incident response, threat & vulnerability management.

Preferred:

• Familiarity with SOC 2 principles; experience in application security to meet SOC 2 requirements.
• Experience conducting or managing application penetrating testing.
• Experience in software development, security architecture, and/or application security.
• Experience with Agile practices, SCRUM, Microsoft SDL, and STRIDE.