Cloud Security Architect - CISO, Open to returners & flexible working
To work in the innovative and creative CISO team: a world-class operation with extensive knowledge and experience, interfacing with business and technical teams and bringing about change and influence across the whole world of Deloitte. Apply your skills here to make things happen, with great people, a great purpose and a passion for our work.
We encourage consideration of flexible ways of working, both formal and informal arrangements that allow for the best outcomes for our people and our clients. If this opportunity is of interest to you with some flexibility, please do discuss with us.
Are you looking to return to the workplace after an extended career break?
For this role we can offer coaching and support designed for returners to refresh your knowledge and skills, and help your transition back into the workplace after a career break of 2 years or more. If this is relevant for you, just let your recruiter know when you make your application.
- Responsible for defining Cloud Security Requirements, reviewing the Cloud Security Standard and proposing changes to align with the risk appetite, and facilitating the review and sign-off process for the Cloud Security Standard in collaboration with key stakeholders in 1LOD and 2LOD
- Define and maintain the Cloud Security Architecture and Design to improve security posture and strengthen security defenses, as well as influencing Information Security policy, standards and guidelines
- Define Cloud Security Solutions Design for AWS and Azure. Develop the blueprint of technical security controls and corresponding roadmaps, assessing and influencing key cloud suppliers
- Facing off to the Cloud Transformation Programme on behalf of the CISO office, providing advice and guidance on security and risk
- Work with major strategic Cloud projects to design and recommend security controls to address emerging threats and evolving technology
- Contributing to the end-to-end Information Security Architecture reviews as part of an IT lifecycle and security reviews throughout a change advisory board
- Leading on cybersecurity research on the latest new cloud technologies and ensuring project delivery by working with PMO and defining relevant milestones for CISO consumption
- Collaborating with other Information Security professionals to drive widespread adoption of security best practices and ensuring industry standard framework implementation
You will work with diverse teams within an inclusive team culture where people are recognised for their contribution
Your work, your choice
At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk. We carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. Please speak to your recruiter about the working pattern that works best for you.
Location: Cardiff / London
Work pattern: This is a permanent contract opportunity.
The role is full time
Your professional experience
- Computer Science degree and/or MSc in Information Security desirable but not essential. Working knowledge of different project delivery methodologies including Waterfall, Agile and Hybrid.
- Possess accreditation in CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) or related certification.
- Proven experience in a cloud security architecture role, demonstrating solutions delivery, principles and emerging technologies
- Designing and implementing cloud security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
- Extensive knowledge of cloud security architecture, demonstrating solutions delivery, practices and emerging technologies
- Have demonstrable experience in consulting and engineering of the development and design of cybersecurity best practices and the implementation of solid cybersecurity practices across the organisation, to meet business goals along with customer and regulatory requirements.
- Possess extensive knowledge of frameworks or specifications of information security or risk management that include all legal, physical and technical controls involved in an organisation’s risk management
- Be very knowledgeable in cloud security standards ISO/IEC 27017:2015 and ISO/IEC 27018:2014
- Have extensive experience with security considerations of cloud computing: This should include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DDoS attacks.
- Have a good knowledge and understanding of identity and access management (IAM) – the framework of security policies and technologies that limit and track the access of those in an organisation to sensitive technology resources.
- Have a solid understanding of various cyber technologies - mobile threat defense, endpoint protection, data loss prevention, insider threat protection, device hardening, classification, key & certificate management and many more
- Have the ability to be the enterprise cybersecurity subject matter expert that can articulate technical topics to those with or without a technical background
- Possess exceptional communication skills with diverse audiences
- Strong critical thinking and analytical skills
At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all of their efforts on delivering the best service possible to their clients. Covering seven distinct areas (Human Resources, Clients & Industries, Finance & Legal, Shared Services, National Quality & Risk Management, IT Services, and Workplace Services & Real Estate), together we live, breathe and deliver the Deloitte experience.
Our Purpose & Strategy
To make an impact that matters for our clients, our people and society - defines who we are and what we stand for. Our purpose provides the foundation for our strategy and our aspiration to be the undisputed leader in professional services: this is not about size, it's about being the first choice. The first choice for the largest and most influential clients, and the first choice for the best talent.
What do we do?
Deloitte offers global integrated professional services that include Audit & Assurance, Consulting, Financial Advisory, Risk Advisory and Tax Consulting. Our approach combines intellectual leadership, industrial expertise, insight, consulting & problem solving capabilities whatever the role, technology revolutions and innovation from multiple disciplines to help our clients excel anywhere in the world.
Beyond the UK: Deloitte North and South Europe
The UK is part of Deloitte North and South Europe (NSE), the second largest member firm in the Deloitte network. Deloitte NSE combines operations in Belgium, Greece, Ireland, Italy, Malta, the Netherlands, the Nordics (Denmark, Finland, Iceland, Norway and Sweden), Switzerland and the UK. Deloitte NSE brings together 2,500 partners and over 40,000 people, combining our unmatched breadth and depth of capabilities in audit and assurance, consulting, financial advisory, risk advisory, and tax and legal across the region. Being part of Deloitte NSE supports our aspiration to be the undisputed leader in professional services and will create more opportunity and growth for our people.
What do we value?
At Deloitte we foster a collaborative culture where talented individuals can produce their best work. We value innovative thinking, diverse insights and a genuinely distinctive level of customer service. We value difference, with respect at the heart of our inclusive culture, and we support agile working arrangements. We are proud to have earnt a Top 10 place on the 2018 list of Top 30 Employers for Working Families for the eighth consecutive year, and to have been listed in The Times Top 50 Employers for Women for each of the last four years.
Being a Leader at Deloitte
Cultural fit and purpose-led leadership are crucial for Deloitte. Our leaders always set the example and inspire their colleagues. They make quality time for people and take an interest in them. They know what matters to people, both inside and outside work, and value them as individuals, always finding opportunities to develop them while showing respect and appreciation.
We expect colleagues at all levels to embrace and live our purpose and our leadership culture by challenging themselves to identify issues that are most important for our clients, our people, and for society and make an impact that matters. We know leadership comes in all shapes and sizes, but our Leadership Charter helps all of our people understand what we’re looking for:
- We live our purpose: we act as a role model, embracing and living our purpose and values, and recognising others for the impact they make
- We develop talent: we develop high-performing people and teams through challenging and meaningful opportunities
- We drive performance: we deliver exceptional client service; maximise results and drive high performance from people while fostering collaboration across businesses and borders
- We believe positive influence can make an impact that matters: we influence clients, teams, and individuals positively, leading by example and establishing confident relationships with increasingly senior people
- We move, together, towards a strategic direction: we understand key objectives for clients and Deloitte, aligning people to objectives and setting priorities and direction.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and registered office at 2 New Street Square, London, EC4A 3BZ. Deloitte LLP is the United Kingdom affiliate of Deloitte NWE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities.