Cyber Risk Director

Cyber Security Cyber Risk Posted: 31-Mar-2022

Same job available in 14 locations

Atlanta, Georgia, United States

Cardiff, United Kingdom, United Kingdom

Charlotte, North Carolina, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Columbus, Ohio, United States

Dallas, Texas, United States

Houston, Texas, United States

London, United Kingdom, United Kingdom

Miami, Florida, United States

Nashville, Tennessee, United States

San Antonio, Texas, United States

Tampa, Florida, United States

Toronto, Ontario, Canada

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture? Want to make an impact that matters? Consider Deloitte Global.

Work you'll do

As part of the Global Cybersecurity team, this professional:


         Provides oversight of Deloitte’s cyber risk management activities

         Defines and maintains the Cybersecurity Risk Management Framework aligned with the Deloitte Enterprise Risk Framework

         Defines and maintains processes for operating a global cyber risk register

         Sets and cascades risk appetite for cybersecurity in line with overall operational risk appetite limits, and ensures that action plans are in place for risk outside of tolerance

         Defines and maintains executive and operational cybersecurity metric requirements for consolidated global reporting


         Assists the cyber operations teams in the identification, processing and lifecycle management of risks (e.g., in a cyber risk register)

         Oversees implementation and operation of cyber risk management processes across Deloitte Global and member firms in line with the Cybersecurity Risk Management Framework, and in close collaboration with Global Risk

         Works effectively with IT operational teams and business units to facilitate cybersecurity risk assessment and risk management processes, and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite

         Contributes to, monitors, tests, reviews and constructively challenges IT operational teams and business units on their assessment of cybersecurity risks, including challenging on risk mitigation and management responses

         Provides specialist cyber risk expertise to support IT projects, operational teams, and business units upon request

         Creates and maintains a dashboard of security-specific KPIs and KRIs, and reports metrics to leadership

         Reviews and identifies new requirements and evaluates existing metrics and reports

Relationship Management

         Forms relationships and works collaboratively with Deloitte Global and Deloitte Firms cyber, infrastructure, risk and application leaders

         Works closely with the other direct reports of the Cybersecurity Strategy, Governance, and Compliance Leader to ensure collaboration and alignment

         Works closely with the Cyber Architecture & Engineering team to ensure that risk management is embedded within the Secure Systems Development Lifecycle (SSDLC)

         Works closely with IT operational teams and business units on cybersecurity risk management

         Works closely with Enterprise Risk and other risk groups (e.g., Information Risk Management) and member firms to set and cascade risk appetite

Expectations from the Professional

Our purpose is to make an impact that matters and our aspiration is to be the undisputed leader in professional services. At the root of these goals are our Shared Values, which describe the distinctive Deloitte culture. Our Values are timeless, all-encompassing and embrace the cultures in which Deloitte member firms operate. We expect all professionals to live our purpose and shared values and be the brand ambassadors holding Deloitte Global and member firms together.


At Deloitte, everything we do starts with integrity. In our marketplace, nothing is more important than our reputation and, accordingly, we commit to conducting business with honesty, distinctive quality, and high levels of professional behavior.

Outstanding value to markets and clients

We play a critical role in helping both the capital markets and our member firm clients operate more effectively. We consider this role a privilege, and we know it requires constant vigilance and unrelenting commitment.

Commitment to each other

We are proud of our culture of borderless collegiality and work hard to support our people. We strive to create an inclusive environment that reflects our strong, clear expectations about diversity, respect, and fair treatment.

Strength from cultural diversity

Our member firm clients' business challenges are complex and benefit from the innovation and varied perspectives that our practitioners bring. We understand that working with people of different backgrounds, cultures, and thinking styles helps our people grow into better professionals and leaders.

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center. We are seeking a Cyber Risk Manager to join the team. 

The Cyber Risk Director reports to the Cybersecurity Strategy, Governance, and Compliance Leader. The role focuses on implementation and operation of cyber risk management processes across Deloitte Global and Deloitte Firms in close collaboration with Global Risk, as well as reporting on cybersecurity metrics and providing trend analysis to leadership.



         Bachelor’s degree in business administration, a technology-related field, or equivalent education-related experience

Work experience

         Minimum of 12 years of combined experience in the Information Security / Cybersecurity domain with a focus on information / cyber risk management

         At least five years holding a management and leadership role

         Proven track record and experience of the following in a highly complex and global organization:

o         developing and implementing information / cyber risk management processes and control frameworks in line with risk appetite

o         reporting on cybersecurity metrics and providing trend analysis

o         connecting closely with operational leadership to make risk management, metrics and reporting relevant for day-to-day operations


         Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or other similar credentials


         Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards.

         Ability to communicate risk-related concepts to technical and nontechnical audiences at various hierarchical levels

         Sound knowledge of business management and an expert knowledge of information / cybersecurity risk management, metrics and reporting

         Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework

         Experience interacting, presenting and working with C-level executives (CEO, CIO, etc.)

         Ability to manage a global team in a matrix environment

         Ability to travel as needed up to 10%

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.