• Lead the research and development of Deloitte Global cybersecurity standards, detailed security baselines and their supporting documents, to meet Deloitte’s business objectives and cybersecurity risk appetite
• Collaborate with subject matter experts and leadership to determine the impact of cybersecurity standards and help resolve deployment challenges and risks
• Interact with relevant stakeholders to apply consistent application of cybersecurity policies and standards, and to ensure that changes to existing documents, new standards, and supporting documents are communicated
• Author documents and contribute to presentations, talking points, and Statements of Applicability on standards
• Support any Policies & Standards awareness initiatives and advise internal clients on applicability and interpretation of the standards’ requirements
• Develop and maintain compliance mapping of Deloitte standards’ requirements to ISO 27002
• Collaborate with team members and other Deloitte cybersecurity teams to ensure alignment
• Foster continuing maturity of the Policies & Standards team, using newer technologies such as Artificial Intelligence and Machine Learning.
Required Qualifications:
• Bachelor’s degree in cybersecurity, information systems, computer science, or other technology-related field, or equivalent experience
• 3+ years of proven combined experience, in a global/Fortune 500 company, in the information security / cybersecurity domain, with a focus on policies and standards, or cybersecurity governance and risk management
• Experience with at least one of the technical domains (networking, operating systems, cloud, Artificial Intelligence, software development etc.)
• Strong ability to clearly communicate complex cybersecurity statements to technical and non-technical audiences at various hierarchical levels
• Deep knowledge of common information security management frameworks and standards, such as ISO/IEC 27001/27002, NIST 800-53, and the NIST Cybersecurity Framework
• Soft skills: collaboration, teamwork, persuasion, attention to detail, time management, prioritization, resourcefulness
• Advanced proficiency with MS Office products, primarily MS Word, Excel, PowerPoint
• Excellent written and verbal communication skills
Preferred Qualifications:
• Professional certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or similar credentials
• Expert knowledge and understanding of information security legal and regulatory requirements