USI-EH25-Cyber Security-BISO Analyst-HYD

Summary

Position Summary

Job Summary

Cyber Security BISO Team works with the Deloitte Function Specific Subsidiaries (FSS) & Chief Information Security Officer (CISO) organization directly supporting Deloitte’s Enabling Areas portfolios. The role involves close integration with various internal leaders and teams, client-service leaders, technical and non-technical stakeholders to drive widespread cyber security program adoption.

The Business Information Security Officer (BISO) Analyst will work closely with the Application teams of various lines of businesses (LOB), including the Office of Chief Information Officer (OCIO). In this role, you will support a group/team to develop a deep understanding of the business to facilitate specialized information security risk-based discussions. This role requires a proactive individual with a keen eye for detail and a strong understanding of cybersecurity frameworks such as, ISO, NIST, CIS.

This fast-paced multi-faceted environment requires a highly motivated, self-driven, strong team player who demonstrates an intrinsic desire for continuous personal and professional growth.

Key Responsibilities:

• Contribute to the ongoing development, implementation, and maintenance of information security initiatives.
• Possess a strong background in application development and/or application security, with knowledge of the Software Development Life Cycle (SDLC) from design, testing, deployment to post-production, and the different risk elements associated with each step.
• Serve as an Information Security subject matter expert and liaison with Information Security teams.
• Collaborate with application teams on information security critical priorities.
• Support the triage process with the application teams and help them understand the Information Security support structure.
• Display subject matter experience in application security, vulnerability testing & system testing.
• Prioritize vulnerabilities based on risk and potential impact.
• Collaborate with IT and security teams to develop and implement remediation plans.
• Track and verify the remediation of identified vulnerabilities.
• Prepare detailed reports on vulnerability findings and remediation status.
• Communicate findings to relevant stakeholders, including IT, security, and management teams.
• Stay up to date with the latest vulnerability trends, tools, and best practices.
• Recommend and implement improvements to the vulnerability management process.
• Assist in the investigation and response to security incidents related to vulnerabilities.
• Provide expertise in vulnerability exploitation and mitigation techniques.
• Ensure compliance with relevant regulations, standards, and policies related to vulnerability management.
  
  

Qualifications:

Education:

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.

Experience:

• 1-2 years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
• 2-4 years of experience in vulnerability management, cybersecurity, or a related field.
• Experience with vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7).

Technical Skills:

• Strong understanding of common vulnerabilities and exposure (CVE) and common vulnerability scoring system (CVSS).
• Knowledge of network and system security principles.
• Familiarity with operating systems (Windows, Linux, Unix) and network protocols.

Certifications:

• Relevant certifications such as CompTIA Security+, CISSP, CEH, GIAC, or similar are preferred.

Soft Skills:

• Excellent analytical and problem-solving skills.
• Strong communication skills, both written and verbal.
• Ability to work independently and as part of a team.
• Detail-oriented with a strong focus on accuracy and quality.
• Ability to work in a fast-paced environment and manage multiple tasks simultaneously.
  
  

This role is ideal for a motivated individual who is passionate about cybersecurity and eager to contribute to the organization's security posture. If you have a strong background in vulnerability management and a commitment to continuous improvement, we encourage you to apply.

The team

Information Technology Services (ITS) helps power Deloitte’s success. ITS is the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.

The ~2,200 professionals in ITS deliver services internally including:

• Cyber security
• Technology support
• Technology & Infrastructure
• Application development and management
• Relationship management group
• Strategy
• Deployment
• PMO
• Financials
• Communications
  
  

For more information on ITS, you can visit our dedicated recruitment page at https://usrecruiting.deloitte.com/-its-recruiting-for-experienced-hires .

Cyber Security

The Cyber Security team is responsible for vigilantly protecting Deloitte and client data. The team is responsible for a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.

Areas of focus include:

• Cyber design
• Risk & Compliance
• Technology Risk Management
• Identity & Access Management
• Data Protection
• Incident Response and Architecture
  
  

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work.

Our purpose

Deloitte’s purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments. Learn more about Deloitte's purpose, commitments, and impact.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Requisition code: 214649