UK Geography Chief Information Security Officer (CISO) - Open to flexible working
UK Geography Chief Information Security Officer (CISO), Enabling Functions, UK
The Geography Chief Information Security Officer (CISO) is a cybersecurity leader within the Deloitte Technology organisation. They are responsible for the local implementation of Deloitte’s global cybersecurity objectives, which include enhancing data security, standardising and securing critical infrastructure, and gaining global cyber visibility.
The Geography Chief Information Security Officer (CISO) is the local leader for the coordination of the North South Europe (NSE) Information Security (IS) strategy implementation and plays a key role in embedding a strong security culture in the geography.
This person will play a strategic role towards building relationships with local key business stakeholders to understand the need for security for the geography based on local clients and regulatory requirements; and provide feedback and steer to the NSE CISO to shape the NSE IS strategy.
This person will also be responsible for providing functional leadership to one of the strategic pillars of the NSE CISO function, namely IS Risk, Assurance & Compliance; IS Strategy & Governance; IS Architecture & Consultancy; and IS Operations.
- Develop and maintain relationships with key business stakeholders (e.g. ITS Country Leaders, Service Line leaders, CTOs etc.) to understand the need for security at the geography level, provide feedback and steer to the NSE CISO to shape the NSE IS strategy.
- Coordinate, facilitate and ensure the implementation of the NSE IS strategy at the geography level in collaboration with the NSE CISO.
- Oversee and enhance locally delivered IS capabilities and services, in line with the NSE IS target operating model and local (regulatory) requirements.
- Work with the local IT team and business teams in the geography to continually assess the geography’s state of information security. Identify gaps and opportunities for improvement, then work with the NSE CISO and geography IT Lead to prioritise investment and implement new or remedial solutions.
- Ensure that NSE IS policies and standards are consistently delivered and applied by working with the NSE CISO and relevant local functions.
- Ensure that adequate procedures are undertaken at the geography level when it comes to responding to and handling of security incidents.
- Manage metrics and reporting for local requirements; deliver effective, relevant and timely reports on findings from any information handling incidents in relation to the risk and compliance policies.
- Coordinate the security risk assessment activities related to the Information Security Management System (ISMS), and ensure IS risks related to the geography are mitigated.
- Support Service Lines within the geography to be compliant with both local and global IS policies, standards and legal/regulatory/client requirements.
- Represent local security in Global Security initiatives; ensure local security requirements are met and delivered.
- Liaise regularly with the NSE CISO and functional leads to discuss the geography’s risk posture including components such as compliance, audit and internal findings, including management and reporting on KPIs and KRIs.
- Provide inputs to relevant governance bodies e.g. NSE Security Council (including metrics, reports, risks and incident details, progress reporting and escalation matters), and required outputs (approvals, further escalations, actions to follow-up) and prepare reports for the business.
- In collaboration with NSE functional and other Geography CISOs, influence the overall security evolution in the organisation by sharing knowledge of risk assessment results, technological market trends and the implementation of IS best practices.
- Act as the local counterpart for the NSE IS strategy and play a key role to embed and advocate a strong security culture in the geography through IS awareness activities.
Your work, your choice
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.
Your professional experience
- In-depth experience of information security and risk management practices.
- Effective business communication skills to inform, partner, influence and manage key stakeholders to embed effective information security activities and processes.
- Good understanding of balancing the role between business stakeholders and a central service organisation.
- Business acumen and the ability to take a strategic and commercial view.
- Knowledge of European Union Directives including privacy regulations and cross border personal data transfer requirements (GDPR), as well as incident response handling procedures.
- Up-to-date knowledge of cyber and information security trends and threats.
- Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.
- Investing in the future, demonstrates the ability to lead and develop teams (at an EMEA or global level), identifying and developing the next generation.
- Professional certification in CISSP, CISM or equivalent is considered an advantage.
- Prior experience of leading transformation initiatives and strong programme management skills are highly desirable.
Your service line: Enabling Functions
At Deloitte, we’re all about making an impact that matters, together. And nowhere is this more apparent than among our 2,000 strong Enabling Functions teams. With our combined specialist skills and business partnering expertise, we provide all the essential strategy, support and advice our client-facing colleagues need, right across the firm. This enables them to focus all of their efforts on delivering the best service possible to their clients. So not only will you be providing world-class support to our internal clients, you’ll be making an impact for all the hugely influential organisations Deloitte works with too. Covering all our distinct areas: Human Resources, Clients & Industries, Finance & Legal, Central Business Services, National Quality & Risk Management, Technology & Digital Services, and Real Estate, the opportunities here are vast. And what’s more, you can grow your career in whatever direction you choose. We’ll support you all the way.
Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.
Our Purpose & Strategy
To make an impact that matters for our clients, our people and society - defines who we are and what we stand for. Our purpose provides the foundation for our strategy and our aspiration to be the undisputed leader in professional services: this is not about size, it's about being the first choice. The first choice for the largest and most influential clients, and the first choice for the best talent.
What do we do?
Deloitte offers global integrated professional services that include Audit & Assurance, Consulting, Financial Advisory, Legal, Risk Advisory and Tax Consulting. Our approach combines intellectual leadership, industrial expertise, insight, consulting & problem solving capabilities whatever the role, technology revolutions and innovation from multiple disciplines to help our clients excel anywhere in the world.
Beyond the UK: Deloitte North and South Europe
The UK is part of Deloitte North and South Europe (NSE), the second largest member firm in the Deloitte network. Deloitte NSE combines operations in Belgium, Central Mediterranean (Italy, Greece, Malta), Ireland, the Middle East (Bahrain, Cyprus, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Oman, Palestinian Ruled Territories, Qatar, Saudi Arabia, United Arab Emirates, Yemen), the Netherlands, the Nordics (Denmark, Finland, Iceland, Norway and Sweden), Switzerland and the UK. Deloitte NSE brings together 2,700 partners and over 50,000 people, combining our unmatched breadth and depth of capabilities in audit and assurance, consulting, financial advisory, risk advisory, and tax and legal across the region. Being part of Deloitte NSE supports our aspiration to be the undisputed leader in professional services and will create more opportunity and growth for our people.
What do we value?
What brings us all together at Deloitte? It’s how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for maximum impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most.
Being a Leader at Deloitte
Cultural fit and purpose-led leadership is crucial for Deloitte. Our leaders always set the example and inspire their colleagues. They make quality time for people and take an interest in them. They know what matters to people - both inside and outside work – and value them as individuals; always finding opportunities to develop them while showing respect and appreciation.