Deloitte - Manager - Advisory - Cloud Security Architect

Cyber Strategy and Governance- Manager- Cloud Architect

- Deloitte's Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates - 2013 Kennedy Information, LLC. Reproduced under licenseWork you will do

- As a professional working for Cyber Strategy and Governance, you will build and nurture positive working relationships. The cloud security architect plays an integral role in defining and assessing the client organization's cloud security strategy, architecture and practices. This individual's primary function is to provide cloud security planning, deployment and review expertise to project teams and client organizations in the Cyber Risk space. Responsibilities include:

- Determine security requirements for cloud-based solutions by evaluating business strategies and requirements; researching cloud infrastructure security standards

- Executing on Cloud security engagements across the lifecycle - strategy, design, implementation and operations

- Responsible for supervising the work of team members and supporting delivery teams and staff

- Conducting cloud security analysis of clients- Cloud platforms/environments based on Deloitte's Cloud Cyber Risk Framework. This can include IaaS, PaaS and SaaS Cloud platforms such as Azure, AWS, Workday and Office-365

- Conducting cloud security readiness assessments and analysis of prospective Cloud platforms/environments prior to broader deployments

- Develop security strategy plans and roadmaps based on cloud architecting best practices and provide guidance and hands-on experience to the project teams in design, development, and maintenance of security solutions for cloud

- Designing and developing Cloud-specific security policies, standards and procedures e.g., account management, tenant management, CASB/CWPP integration, proxy server management, firewall management, SSL/IPsec, security incident and event management (SIEM), data protection (DLP, encryption), user account management (SSO, SAML), and password/key management, vulnerability/threat assessment

- Assess cloud service providers' SSAE 16, SOC 1 and/or SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls" and suggest remediation controls

- Act as a Cloud Security subject matter expert and work in conjunction with other project teams on the public/private/hybrid cloud ecosystem to develop security solutions

The team :

- The Cyber Risk Services group is part of the wider technology risk practice within Deloitte Advisory. We help - Fortune 500- clients solve business issues related to cybersecurity risk management, cyber threats, privacy, governance, business resilience, and process improvements. Learn more about our Cyber Risk Services practice.

- Deloitte's Cyber Strategy and Governance practice is focused on helping our clients to design and implement transformational programs to reduce and manage cyber threats. We help our clients to define their overall cyber strategy, design global, pan-enterprise programs that focus on mitigating threats; evaluate their objectives, priorities, strengths, and weaknesses; and roll out large-scale organizational changes to achieve goals.

Qualifications and experience :

Required :

- 10+ years overall technology experience

- Minimum 3+ years of hands-on technical experience designing and implementing security solutions for leading Cloud service providers e.g., AWS, GCP or Azure across SPI models and environments (Public, Private, Hybrid)

- 2+ years working experience designing cloud security architectures and strategies for enterprises

- 5+ years of relevant consulting or industry experience

- 2+ years in a technical or functional lead role

- 2+ years working experience with Virtualization including security for at least one or more of the following: Compute, Network, Storage, End-point, Application

About Deloitte :

- Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (- DTTL- ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as - Deloitte Global- ) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the - Deloitte- name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

Copyright - 2017 Deloitte Development LLC. All rights reserved.

- 2+ years working with Cloud security industry standards such as Cloud Security Alliance (CSA), ISO/IEC 27017 and NIST 500 291

- 2+ years working experience with Cloud security technologies/vendors (e.g., IAM, SIEM, IDS) and/or providers (e.g., Okta, CipherCloud, AlertLogic), a big plus

- 1+ years working with Cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD) in single and multi-tenant environments

- 1+ years working with CASB or CWPP technologies or planning for large-scale deployments of these technologies

- Experience designing IAM technologies and services

- Strong working knowledge of IT service management (e.g., ITIL-related disciplines)

- Direct, hands-on experience or strong working knowledge of managing enterprise security infrastructure and perimeter security appliances - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology

- Understanding of industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, ISO 27018, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc.

Preferred:

- Certifications should include CCSP, CISSP, CCSK, and other cloud vendor specific certifications

- Bachelors / Master's degree in Computer Science, Cyber Security or similar discipline

How you will grow :

At Deloitte, we have invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities- including exposure to leaders, sponsors, coaches, and challenging assignments- to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning, and eLearning. Deloitte University (DU): The Leadership Center in India, our state-of-the-art, world-class learning center in the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangible symbol of our commitment to our people's growth and development. Explore DU: The Leadership Center in India.

Benefits :

- At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte's culture :

- Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship :

- Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and

About Deloitte :

- Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (- DTTL- ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as - Deloitte Global- ) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the - Deloitte- name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.