Job Specifications
Job Type: PermanentWork Model: HybridReference code: 129417Primary Location: Toronto, ONAll Available Locations: Toronto, ON; Calgary, AB; Edmonton, AB; Halifax, NS; Saint John, NB
Our Purpose
At Deloitte, our Purpose is to make an impact that matters. We exist to inspire and help our people, organizations, communities, and countries to thrive by building a better future. Our work underpins a prosperous society where people can find meaning and opportunity. It builds consumer and business confidence, empowers organizations to find imaginative ways of deploying capital, enables fair, trusted, and functioning social and economic institutions, and allows our friends, families, and communities to enjoy the quality of life that comes with a sustainable future. And as the largest 100% Canadian-owned and operated professional services firm in our country, we are proud to work alongside our clients to make a positive impact for all Canadians.
By living our Purpose, we will make an impact that matters.
Have many careers in one Firm.
Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness.
Learn from deep subject matter experts through mentoring and on the job coaching
Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.
What will your typical day look like?
The Technical Cyber Risk Assessment Manager will be responsible for the following:
Develop an understanding of Deloitte's global line of business and its priorities, becoming an advocate for addressing cyber risk.
Demonstrate familiarity with the Three Lines of Defense (3LOD) model.
Possess knowledge of risk management practices and the ability to conduct technical risk assessments.
Work with the Global Technology Infrastructure team to integrate system cybersecurity assessments into their processes to ensure consistent implementation of security controls.
Work with the Cybersecurity Architecture team and apply reference architectures for security solutions design and implementation.
Work with the Cyber Defense group and the Security Operations Center to evaluate the effectiveness of the security controls and architectures in relationship to actual intrusions seen on the Deloitte network, reported threats at peer organizations, and overall cybersecurity threats in the internet ecosystem and you will notify leadership of potential or existing threats and assist in the development of risk mitigating strategies of these items.
Monitor security blogs, articles, and reports and remain current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends and, where relevant, notify leadership to incorporate information into processes, procedures, and audit preparedness activities.
Perform technology security risk assessments. Where appropriate, leverage security shared services (VRA, VM, Pen Testing) and provide oversight and assurance of cybersecurity controls in development and deployment all the way through the system go-live.
Hold great working relationships with the Security Architecture team, Shared Security Service teams, Global Business Services organizations, and Member Firm Services organizations.
Proven experience writing clear, accurate, and user-friendly technical documentation for diverse audiences and purposes, effectively conveying complex information.
Communicate detailed cybersecurity findings and analyses to leadership, subject matter experts (SMEs), and stakeholders, ensuring clarity and comprehensiveness in communication.
About The Team
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.
Enough about us, let’s talk about you
Do you possess the following?:
5+ years of related experience in cybersecurity risk management in organizations of a similar scale.
Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation.
Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32
Strong knowledge of cyber controls, policies, and procedures.
Experience of delivering metrics for senior level audiences.
Demonstrate analytical and problem-solving skills.
Ability to communicate risks associated with complicated security-related concepts to technical and non-technical audiences.
Proficient in the use of PowerBI or a similar dashboarding application.
Knowledge of security systems (including working with SIEM data).
SQL or database knowledge would be desir