Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
Manager, Cyber Security
Preferred Location: Hermitage/Nashville, TN
Primary duty is to respond to threats exploiting the enclaves or data that provide services supporting the employees of Deloitte. Protects the firm, its customers, reputation, assets and the interests of stakeholders by identifying and managing threats to the achievement of our business objectives. Responds to and manages cyber security incidents that involve the systems or affect the employees of Deloitte. Uses independent judgment and discretion in identifying issues and analyzing risk to ensure systems are returned to normal operations quickly, while ensuring the security and integrity of all data under our authority.
Illustrative Duties and Responsibilities
Lead Cyber Security Incident Response (CSIR) efforts across ITS, including determining the criticality of an incident, investigating incident actions, and carrying out appropriate containment and mitigation activities. During an active incident response, prioritize advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.
Oversee the execution of the Cyber Security Incident Response Playbook by the Security Operations Center and others for minor security incidents.
Improve Incident Response processes by taking advantage of, and integrating with, new technologies and capabilities that are implemented by Cyber Security and other areas of ITS.
Communicate and document details of incidents and create status reports of tasks performed to stakeholders and provide input to communications to Deloitte leadership.
Establish and maintain strong working relationships with all teams required to support incident response including, but not limited to, Messaging, Communications, SOC, Data Protection, STS, GISO, Office of Security, Talent, and OGC.
Maintain and update the Cyber Security Incident Response Plan & Playbook, including the comprehensive contact list, call trees and response approaches for new incident scenarios and integration of new tools and capabilities as identified.
Support alignment between the Disaster Recovery and Business Continuity programs and Cyber Security Incident Response, including participation in Disaster Recovery testing activities.
Drive alignment of ITS CSIR programs with other areas of Deloitte to include: strategy, governance, risk and compliance, disaster recovery and business operations.
Act as the lead for table-top exercises, which assess the effectiveness of cyber incident response capabilities across people, processes, and technology.
Develop and continually improve CSIR Playbook, SOPs and alignment with Global activities.
Able to build strong relationships with and lead teams and individuals without direct reporting relationships.
Performs other job-related duties as assigned.
Required Technical Skills
Experience leading cyber security incident response during normal daily operations or against advanced persistent threats. Knowledge of forensics, chain of custody and handling digital evidence. Understanding of incident response in a cloud-based environment. Ability to quickly analyze large amounts of information and formulate action plans based on that analysis. Experience interpreting, searching, and manipulating data within enterprise logging solutions. Experience working with network, host, and user activity data, and identifying anomalies. Familiarity with threat intelligence and its applied use within incident response and forensic investigations. Excellent written and oral communication skills and the ability to articulate and present information to all levels of management and staff. Strong organizational skills to facilitate management and tracking of large numbers of incidents, events, and efforts. Ability to adapt and operate in a high-tempo, dynamic and stressful environment. Ability to travel as necessary to accomplish tasking, with normal travel requirements of around 25% expected.
Required Licenses, Certifications, and Other Requirements
Should have at least one of the following certifications: CISSP, CISA, CISM, CCNP Security or CEH.
Education & Experience
Bachelor’s degree in Information Protection, Computer Forensics, Computer Information Security, Computer Science or Computer Engineering, or relevant educational or professional experience.
5 years of experience in cyber security, incident response, network and endpoint security, developing defense-in-depth strategies, log analysis, vulnerability management and forensics.