Deloitte Information Security Officer, Sr. Manager (Deloitte Function Specific Subsidiary) in Hermitage, Tennessee

Deloitte is one of the leading professional services organizations in the United States, specializing in audit, tax, consulting and financial advisory services with clients in more than 20 industries. We provide powerful business solutions to some of the world s most well-known and respected companies, including more than 75 percent of the Fortune 100.At Deloitte, you can have a rewarding career on every level. In addition to challenging and meaningful work, you ll have the chance to give back to your community, make a positive impact on the environment, participate in a range of diversity and inclusion initiatives, and find the support, coaching, and training it takes to advance your career. Our commitment to individual choice lets you customize aspects of your career path, your educational opportunities and your benefits. And our culture of innovation means your ideas on how to improve our business and your clients will be heard.Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services. The US Chief Information Security Officer (CISO) oversees the strategy and governance of information security, risk management and information security operations for the entire Deloitte US firm. Deloitte Information Technology Services (ITS) is looking to fill the position of a FSS Information Security Officer (ISO) to act as a business partner between the FSS and the US Cyber Security organization, to champion cyber security initiatives within the FSS and serve as a trusted advisor on information security to client engagement teams within the FSS. This position will have responsibility to lead cyber security for two FSS areas and influence security objectives and efforts across them, to protect critical assets, align and prioritize our cyber security investments, to establish enhanced information security defense, minimize vulnerabilities and strengthen business resilience. The FSS ISO is expected to proactively work with the US CISO to understand and respond to key cyber security requirements where the US Cyber Security organization should play a role in conceptualizing, creating and managing information security services to the FSS. The FSS ISO will also engage closely with their FSSs Chief Technology Officers (CTO) and other Risk Management professionals to adopt consistent cyber security practices at the business level, report on cyber security risks, and drive risk mitigation. This role will report to both the US CISO and respective FSSs CTOs and have responsibility to influence cyber security strategy actions cross-functionally and must possess a high degree of integrity, sound judgment, as well as have domain competency in the field of information security and risk management. The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, is knowledgeable about cybersecurity, and has a strong knowledge of security best practices and security technologies. Role-Specific ResponsibilitiesInformation Security KnowledgeServe as the central point of contact for information security related issues within specified FSSs. The FSSs are grouped as follows:Audit & TaxAdvisory & ConsultingEnabling Areas & Federal Support the development, implementation, and management of a firm wide cyber security strategy to ensure the security, integrity, confidentiality, and availability of Deloitte s information assetsEnsure all FSS staff, systems, processes and tools are aligned with the US CISO organization s cyber security strategy Serve as a trusted advisor on cyber security related inquiries from client engagement teams, leadership, and regulators and help balance protection of information assets with operational effectivenessWork directly with the FSS leaders to facilitate information security risk assessments and risk management processes, including maintaining, communicating, and ensuring compliance with organizational security policies Build and sustain information security practices at the FSS level such that it can keep pace with the rapidly evolving threats Provide FSS perspective in developing and maintaining up-to-date information security policies, standards and guidelines Promote information security culture and awareness across the FSS Support the cultivation of a cyber security knowledge sharing culture across all FSSs including Enabling Areas, Federal, and USI.Collaborate cross-functionally and help oversee US CISO organization s security investments Lead within the FSS to assess and coordinate critical response efforts for information security events Support the measurement of the efficiency and effectiveness of the cyber security programFacilitate appropriate resource allocation to increase the maturity of the cyber security programServe as a member to the Cyber Security CouncilPersonal SkillsStrong customer focus understand needs and concerns of clients, practitioners, and respond promptly and effectively to customer requests.Ability to gain and reach consensus and collaborate across leadership, resolving differences by determining needs and creating mutually beneficial solutions.Comfortable dealing with complexity and ambiguity, but able to challenge and enquire to develop appropriate and achievable solutions to problems.Ability to manage to results by balancing strategic goals with tactical wins that focus on pragmatic solutions for the business.Minimum Qualifications Education:Bachelor s Degree or equivalent experience in Information Security, Computer Science, or Information Systems Years of Experience:10 years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client-service experience in the field. Other Specific Skills or Knowledge:Advanced generalist - organizational skills and experience, including project- or role-based experience in the following: policy and standards, risk management and reporting, and change management / adoption.C-level and executive interaction experienceDemonstrated experience driving strategy with cross-functional executive level stakeholdersDemonstrated ability to drive organizational change and work with multiple business units of an organization to effect changeExceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tactProven knowledge and experience across multiple information protection and security domainsBroad knowledge and experience across IT infrastructure with security frameworks and standards such as ISO 17799/27001, NISPOM, PCI, and other relevant security-related regulations Understanding of and ability to effectively apply trends and developments in the area of global security and risk managementAbility to frame and communicate security and risk-related concepts to technical and nontechnical audiences at various levels Strong understanding of Deloitte Touche Tohmatsu Limited operating environment OR successful experience working in a comparable global professional services organization is preferredProfessional security certifications such as CISSP, CCISO, or CISA or equivalent experience

About Deloitte

As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: If you are not reviewing this job posting on our Careers site (careers.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at careers.deloitte.com.

Category: Information Technology