Technology Hardening Practices Engineer, Global Cybersecurity, Global, London
At Deloitte, we expect results. Incredible - tangible - results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in - with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out - with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark. Deloitte Global supports our talented professionals in answering the question: What impact will you make?
We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.
Your role
The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte's global network of firms around the globe.
- Responsible for day to day management of the Global Cybersecurity Technology Hardening Practices Program
- Develop and maintain leadership approved roadmap of documented infrastructure and end user technology hardening practices
- Collaborate with Global technology teams and colleagues to write hardening practices, ensuring alignment with Global security policies and standards, published risk assessments and reference architectures for security solutions
- Work with global business functions (Tax, Audit, Consulting, etc), and Global Digital Application Studios to ensure hardening practices align and support business processes and models. Understands the impact security hardening practices have on the respective organizations and their ability to effectively deliver client services
- Prepare governance materials for hardening practice documents and support them through the global governance process
- Working with the Cyber Defense group and the Security Operations Center, evaluate the effectiveness of the hardening practices in relation to actual intrusions seen on the Deloitte network, reported threats at peer organizations and overall cybersecurity threats in the Internet ecosystem
- Monitor security blogs, articles, and reports and remain current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends. Where relevant, notify leadership to incorporate information into processes, procedures, and hardening practices documents
- Translate global information security policy requirements and standards into sound and practical global cybersecurity hardening practices for infrastructure and end user computing technologies
- Perform in-depth vulnerability management analysis to identify required hardening practices
- Perform testing and validation of proposed hardening practices, factoring in system and practitioner impact and cost
- Provide oversight and assurance of cybersecurity hardening practices in development and deployment through to system/project go-live
- Provide input and subject matter expertise (SME) review of new and updated Cybersecurity policies and standards, providing feedback from a practicality and capability perspective of technical implementation
Your work, your choice
- Create, develop and maintain strong relationships with key leaders across multiple technical and non-technical DTTL networks, understanding system administrator and end user needs, including potential impact hardening practices may have on their day to day roles and Deloitte's ability to serve clients
- Socialize content with DTTL and member firm leaders/SMEs
- Holds a strong working relationship with the Global Cybersecurity Strategy and Governance team (who oversee the creation of cyber standards and policies), Shared Security Services Team (who run security services) and Security Architecture Manager to ensure hardening practices align with approved security policies, standards and architecture patterns
- Works closely with the Shared Security Service Owners to ensure new hardening practices receive appropriate testing prior to deployment into production
- Works with the Global Business Services and Member Firm Services organizations to ensure hardening practices align with business needs and requirements
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.
Work pattern: This is a permanent contract opportunity. The role can be worked on a full-time basis. Our team members work a variety of agile working patterns. Tell us what arrangement works for you and we'll try to accommodate.
Your professional experience
Your service line: Deloitte Global
- Bachelor's degree: degree in business administration, a technology-related field, or equivalent education-related experience
- Combined experience in engineering and solution design in an information security context
- Proven track record and experience of developing and supporting security requirements across a broad spectrum of infrastructure and end user computing technologies
- Exceptional written and verbal English language communication skills
- Excellent interpersonal and collaborative skills, with ability to communicate technical information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
- Sound knowledge of information / cybersecurity engineering and solution design and the ability to translate those into clearly documented security hardening practices
- Expert knowledge of key cybersecurity technologies such as application security design principles, authentication and authorization models, secure coding, application and penetration testing, encryption, system hardening, vulnerability management, open source systems and security information and event management (SIEM)
- Strong knowledge and understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
- Advanced competency in Microsoft Office technologies
- Ability to multi-task, prioritize work and work independently
- Process-oriented mind set
- A demonstrable passion for the field of Information Security
- Ability to travel as needed (no more than 10%)
- Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
- Member of IISP or have the qualification, skills and experience to become a member
- Relevant technical certification preferred (CISSP-ISSEP, CEH, CCNP Security, GSEC)
Across disciplines and across borders, Deloitte Global supports our network of member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Deloitte Global professionals make an impact that matters to the world of Deloitte. We share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.
Personal independence
Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.
About Deloitte
Our Purpose & Strategy
To make an impact that matters for our clients, our people and society - defines who we are and what we stand for. Our purpose provides the foundation for our strategy and our aspiration to be the undisputed leader in professional services: this is not about size, it's about being the first choice. The first choice for the largest and most influential clients, and the first choice for the best talent.
What do we do?
Deloitte offers global integrated professional services that include Audit & Assurance, Consulting, Financial Advisory, Legal, Risk Advisory and Tax Consulting. Our approach combines intellectual leadership, industrial expertise, insight, consulting & problem solving capabilities whatever the role, technology revolutions and innovation from multiple disciplines to help our clients excel anywhere in the world.
Beyond the UK: Deloitte North and South Europe
The UK is part of Deloitte North and South Europe (NSE), the second largest member firm in the Deloitte network. Deloitte NSE combines operations in Belgium, Central Mediterranean (Italy, Greece, Malta), Ireland, the Middle East (Bahrain, Cyprus, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Oman, Palestinian Ruled Territories, Qatar, Saudi Arabia, United Arab Emirates, Yemen), the Netherlands, the Nordics (Denmark, Finland, Iceland, Norway and Sweden), Switzerland and the UK. Deloitte NSE brings together 2,700 partners and over 50,000 people, combining our unmatched breadth and depth of capabilities in audit and assurance, consulting, financial advisory, risk advisory, and tax and legal across the region. Being part of Deloitte NSE supports our aspiration to be the undisputed leader in professional services and will create more opportunity and growth for our people.
What do we value?
What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for maximum impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most.
Being a Leader at Deloitte
Cultural fit and purpose-led leadership is crucial for Deloitte. Our leaders always set the example and inspire their colleagues. They make quality time for people and take an interest in them. They know what matters to people - both inside and outside work - and value them as individuals; always finding opportunities to develop them while showing respect and appreciation.
We expect colleagues at all levels to embrace and live our purpose and our leadership culture by challenging themselves to identify issues that are most important for our clients, our people, and for society and make an impact that matters. We know leadership comes in all shapes and sizes, but our Leadership Charter helps all of our people understand what we're looking for:
- We live our purpose: we act as a role model, embracing and living our purpose and values, and recognising others for the impact they make
- We develop talent: we develop high-performing people and teams through challenging and meaningful opportunities
- We drive performance: we deliver exceptional client service; maximise results and drive high performance from people while fostering collaboration across businesses and borders
- We believe positive influence can make an impact that matters: we influence clients, teams, and individuals positively, leading by example and establishing confident relationships with increasingly senior people
- We move, together, towards a strategic direction: we understand key objectives for clients and Deloitte, aligning people to objectives and setting priorities and direction.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 1 New Street Square, London EC4A 3HQ, United Kingdom.
Deloitte LLP is the United Kingdom affiliate of Deloitte NSE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NSE LLP do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.
© 2020 Deloitte LLP. All rights reserved.
Requisition code: 178254