What will your typical day look like?
The Cybersecurity Operations Cloud Analyst will conduct Cybersecurity related activities including vulnerability management, server hardening compliance monitoring, annual security reviews, and implementation of security standards, best practices, guidance and procedures.
Specific Role Responsibilities include:
Identifies security exposures that currently exist or may pose potential threats to Deloitte’s networks or systems. Notifies leadership of potential or existing threats and leads in the development of risk mitigating strategies of assigned items.
Identifies areas for improvement including systems integration, new technology and automation and assists in the design and implementation of solutions.
Monitors security blogs, articles, and reports and remains current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends, where relevant notifies leadership to incorporate information into processes, procedures, and audit preparedness activities.
Performs cybersecurity review of Azure and M365 API permissions requests (eg. MSGraph, AAD Graph, etc). Working with application teams to identify solutions and reduce risk for Deloitte
Assists with the operationalization and review of cybersecurity controls within cloud environments (Azure, AWS, GCP)
Operational management of the vulnerability management tool for cloud environments, ensuring that the tool and supporting processes are working effectively to identify and report vulnerabilities in Deloitte systems.
Tracks the progress for the remediation of identified risks and vulnerabilities and provides appropriate reporting to leadership, intervening and escalating where necessary to ensure agreed priorities and timescales are met.
Identifies non compliances to global standards, leads work with GTI and GDAS colleagues to remediate and implement treatment plans.
Provide Cybersecurity SME support to colleagues and processes relating cybersecurity for cloud environments
Forms a strong relationship with the Security Shared Service teams to assist in the remediation of globally identified vulnerabilities and management of security within GTS managed cloud environments and with Cybersecurity representatives within member firms to collaborate and share experiences and issues, solving problems holistically.
About the team
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.
Enough about us, let’s talk about you.
You are someone with:
Bachelor’s degree: degree in business administration, a technology-related field, or equivalent education-related experience
Proven track record and experience of developing and supporting security requirements within cloud solutions including Azure, AWS, GCP, SAAS, PAAS and IAAS technologies
Professional security management certification desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
Written and verbal English language communication skills
Excellent interpersonal and collaborative skills, with ability to communicate technical information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
Knowledge of cloud solutions, environments and the application of cybersecurity controls within them as well as Azure and M365 APIs
Working knowledge of key cybersecurity technologies such as network security tools (firewalls, intrusion detection system (IDS)/ intrusion protection system (IPS), content filtering, network access control (NAC), end-point protection (AV, EDR, MDM), data loss prevention, encryption, vulnerability management, and security information and event management (SIEM)
Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework