Cyber Risk Manager

--

The Cyber Risk Manager will be part of Global Cybersecruity-Governance, Risk and Compliance. The work will include:

• Defining and maintaining KPIs and KRIs for Deloitte Technology, providing executives (including BISOs) with operational Cyber Risk insight into the Risk exposure of Deloitte Technology.
• Creating, managing and maintaining a dashboard of security specific KRIs, and reports metrics to BISOs and DT Leadership.
• Assisting BISOs and wider Cyber operations teams in the identification, processing and lifecycle management of risks (e.g., in a Cyber Risk register).
• Working effectively with Deloitte Technology operational teams and our BISOs to facilitate cybersecurity risk review/analysis, where appropriate and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.
• Managing the delivery of new cyber risk metrics requirements and evaluate existing metrics and reports.
• Working closely with the Cyber Security Metrics and Analytics (CSMA) to automate and digitize risk metrics and maintain a source of truth for all Cyber Risk Data. 
• Defining and maintains the Cybersecurity Risk Management Framework ensuring its alignment with the Deloitte Enterprise Risk Framework.
• Defining and maintains processes for operating Deloitte Technology’s Cyber Risk Register.
• Gaining consensus across Deloitte Technology of the organization's Cyber Risk appetite and ensures that this is in line with the overall operational risk appetite. 
• Partnering with senior leaders (BISOs) to identify Cyber operational risks within their specific business units across Deloitte Technology, enabling them to govern and mature Cyber Risk processes within their respective areas.
• Working closely with the Cyber Architecture & Engineering team to ensure that risk management is embedded within the Secure Systems Development Lifecycle (SSDLC)
• Working closely with Deloitte Technology operational teams and BISOs on Cybersecurity Risk management.

About the team

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Enough about us, let’s talk about you

Do you possess the following?:

• Bachelor’s degree: in a technology-related field, or equivalent education-related experience
• Proven experience in the Information Security / Cybersecurity domain with a focus on information / Cyber Risk management
• Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC) or other similar credentials
• Ability to communicate risk-related concepts to technical and nontechnical audiences.
• Expert knowledge of Information / Cybersecurity Risk management, metrics and reporting.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and other Cybersecurity Frameworks.
• Knowledge and experience of developing KRI and Cyber Risk Scorecards.

Total Rewards

The salary range for this position is $85,000 - $156,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.
Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth.  Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. Some representative examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, 38+ days off (including 10 firm-wide closures known as "Deloitte Days"), flexible work arrangements and a hybrid work structure.