Deloitte Cyber Cloud Attack Surface Management Manager in Denver, Colorado
Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Advisory Cloud Attack Service Management (ASM) Services team to help drive our client's innovations and become a member of the largest group of cybersecurity professionals worldwide.
Work you'll do
As a Cloud ASM Manager, you will be on the front lines with our clients supporting them with their cloud and attack surface security needs. You will help them to securely navigate their journey to the cloud by implementing industry leading practices around cyber risks and cloud security. In this role, you will:
Maintain client relationships by developing a reputation as an independent professional who delivers exceptional results.
Assist in the selection and tailoring of approaches, methods, and tools to support ASM service offerings and client engagements.
Assess, plan, deploy and operationalize high-level and detailed vulnerability and patch management programs translating business needs, architecture, operational structure, and compliance and/or regulatory requirements into cost effective and risk appropriate controls, processes, and procedures tailored to our client's needs.
Develop comprehensive project plans to include engagement staffing, schedules, milestones, and deliverables while balancing client requirements, commitments, staffing and budgetary constraints.
Deploy, operate and maintain vulnerability and patch management tools, integrating various sources and supporting organizational governance, reporting, risk and event monitoring data requirements.
Lead day-to-day vulnerability and patching operations across a myriad of technologies and lifecycle phases to include infrastructure vulnerability scanning, analyzing subsequent results, triaging false positives, prioritizing and coordinating patching and remediation activities, tracking through closure.
Identify opportunities to collaborate across workstreams and optimize efficiencies in an effort to reduce the level of effort, costs and risks across client threat landscapes while facilitating increased organizational situational awareness.
Provide recommendations, technical guidance, architecture, installation, configuration, and/or operation for solutions used across the entire lifecycle of vulnerability management including vulnerability identification, threat intelligence, assessment, patching and remediation, exception management, secure configuration management, and reporting as well as the integration of these various solutions and technologies.
Develop client vulnerability and patching standards, policies, and process documentation accounting for technology and organizational challenges.
Promote industry leading practices through the design and mentorship of other technology teams and team-members.
Review deliverables for quality, accuracy, and objectivity.
Lead the team on proposals, whitepapers, proof of concepts, technical eminence materials and Firm initiatives.
Support and enable team members, mentoring junior professionals and develop resources.
Mature the ASM offering and the Firm's global delivery capacity.
Drive innovation and next generation cloud, security and ASM technologies.
At Deloitte, our Cyber Specialists help organizations manage cyber risk and create value through enhanced security, visibility, and privacy into an organization's DNA. Our program design, implementation, operation, and response services, coupled with our deep industry and mission knowledge, help us protect and defend our clients' most valuable assets, facilitate secure digital transformation efforts, and adapt rapidly to emerging threats. Learn more about Advisory's Cyber practice at http://www2.deloitte.com/us/en/pages/risk/solutions/cyber-risk-services.html
10 years of information technology and/or information security experience.
Ability to lead a team of service delivery professionals across multiple geographic regions
Hands-on technical experience with at least one cloud platform in security or infrastructure implementation and operations e.g. Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP).
Demonstrated capability to organize, plan, design, deploy, operationalize and lead secure and highly scalable vulnerability and patch management projects from conception through conclusion.
Depth of experience with vulnerability assessment and reporting including comprehensive understanding of vulnerability management methodologies, procedures and infrastructure vulnerability scanning solutions for on premise, cloud and hybrid environments.
Background and knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, threat modeling, etc.
Experience deploying, operating and maintaining vulnerability scanning solutions such as Qualys, Tenable, Rapid7, Twistlock or RedLock.
Experience deploying, operating and maintaining vulnerability management tools solutions such as Kenna, ServiceNow, RiskIQ or Expanse.
Experience deploying, operating and maintaining patch management tools such as BigFix, Tanium, Qualys Patch Management, SCCM/ECM, Satellite or JetPatch.
Understanding of industry regulatory, compliance and regional requirements (i.e., PCI-DSS, NIST, HIPAA, GDPR) and skilled at interpreting the compliance and security requirements into implementable and repeatable controls.
Experience in the creation and maintenance of security policies and procedures, managing the protection of information systems and assets.
Client interfacing, relationship and team building, and consulting skills with the ability to collaborate across multiple workstreams.
Ability to work independently with professional oral and written communication skills.
Strong problem solving and troubleshooting skills with experience exercising mature judgement.
Experience in developing client proposals and work orders.
Travel up to 50% (While 50% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice).
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Identify opportunities to improve engagement profitability.
Experience with engaging C-Level executives and developing cyber risk strategies to address broad security issues.
Experience with leading multiple distributed teams across different geographies.
Excellent teamwork and interpersonal skills.
BA/BS Degree ideally in Computer Science, Cyber Security, Information Security, Engineering or Information Technology.
Previous Consulting or Big 4 experience preferred.
Knowledge of security and privacy-related industry standards and frameworks (e.g. NIST CSF, CIS, ISO 27001 series, CSA CCM) is a plus.
Experience managing or operating enterprise infrastructure in a role aligned with or responsible for vulnerability management (patch management, exception management, secure configuration management, etc.).
Experience with JSON, Python, XML and ability to write cloud automation scripts desired.
Experience with ServiceNow tools, workflows, automation and orchestration.
Certifications such as: GEVA, CCSP, CISSP
Ability to develop compelling proposals for client to clearly articulate the need for information security.
Excellent writing and verbal communication skills.
Strong project management and organizational skills.
How you'll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center, at https://zoomforth.com/s/deloitte/du#home
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you at http://www2.deloitte.com/us/en/pages/careers/articles/life-at-deloitte-benefits-and-rewards.html
Deloitte's culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world at http://www2.deloitte.com/us/en/pages/about-deloitte/articles/deloitte-corporate-citizenship.html
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals at http://www2.deloitte.com/us/en/pages/careers/topics/recruiting-tips.html
Category: Information Technology
As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.