
 

Global Cybersecurity Policies & Standards & SSDLC Leader

 

 

Reference Code 3939

 

Country: Canada; United Kingdom; United States

US Locations: USA - Hermitage; USA - Nashville; USA - Tampa

Non-US Locations: CAN - Edmonton; CAN - Halifax; CAN - Ottawa; CAN - Saint John; CAN - Toronto; GBR - Bristol; GBR - Cambridge; GBR - Manchester; GBR - Milton Keynes; GBR - Reading; GBR - St. Albans

 

 

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

 

Work you'll do

 

 

Lead Deloitte’s Global Cybersecurity Policies & Standards Program and the Global Secure Software Development Life Cycle (SSDLC) Program. You will own the development, maintenance, and enterprise roll‑out of an authoritative suite of global cybersecurity policies and standards that map to key GRC and technology processes (SSDLC Optimization, Internal Automated Compliance Assessment, VCRA, ISO 27001).

You will also run the Global SSDLC program and its transformation to deliver consistent, trusted reviews across Member Firms and to advance secure development practices organization‑wide. The Senior Manager, Cyber Policy and Standards additionally will:

 

 

  • Lead and own the end-to-end lifecycle (drafting, review, approval, publishing, maintenance) of Deloitte’s Global Cybersecurity policies and standards. Maintain and expand a mature, scalable suite of technical standards and implementation guidance, apply deep subject-matter expertise to set strategic and technical direction, drive stakeholder alignment and governance, ensure practical adoption across teams and vendors, and continuously evolve standards to address emerging risks and architectures.
  • Lead and refine Deloitte’s Global SSDLC program requirements for Deloitte firm SSDLC teams. Ensure consistent, risk-based application reviews across technology assets, redesign processes and tooling, leveraging automation to accelerate security review cycle times without reducing rigor, while enabling scalable, repeatable review pipelines. Provide implementation guidance and escalation support as required to Deloitte firm SSDLC teams.
  • Lead and develop a team of specialists, set strategic direction and priorities, align resources and vendors to business objectives, establish governance and SLAs, track program performance and delivery, and drive continuous improvement to ensure outcomes are met.
  • Ensure standards are authoritative, actionable, and mapped to frameworks and controls (e.g., ISO 27001, Internal compliance (MFS12) and Vendor Cyber Risk Assessments).
  • Integrate cybersecurity policies and SSDLC requirements into downstream GRC initiatives and programs. Provide SME support for control implementation and evidence collection required for industry certifications. Maintain technical documentation and comprehensive audit trails to ensure compliance, traceability, and readiness in support of audits.
  • Engage and influence senior stakeholders (Deloitte Firm CISOs and CTOs) to build strong relationships, understand and reconcile multiple perspectives, and drive initiatives forward to consensus through clear, compelling communication, strategic framing, and decisive stakeholder engagement.
  • Build and sustain trusted, visible relationships with Deloitte cybersecurity and technology teams, services owners/leaders, Deloitte Firm CISOs and CTOs to secure strategic buy‑in; act as the go‑to SME for Cybersecurity Policies and Standards and SSDLC programs - providing tailored, practical counsel that balances regulatory requirements with business priorities.
  • Drive alignment and adoption of Cybersecurity Policies and Standards and SSDLC requirements across matrixed Deloitte firm teams by communicating effectively and engaging stakeholders in a timely manner, helping reduce risk across the organization.
  • Proactively identify and implement scalable, technology-enabled approaches - including AI-driven automation and orchestration - to deliver standards faster, improve discoverability, and enable near‑real‑time updates and automated compliance checks.
  • Implement scalable, technology‑enabled solutions to accelerate delivery, improve discoverability, enable near‑real‑time updates, and enable automated compliance checks.

 

The team

 

 

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

 

Qualifications

 

 

Do you possess the following?

 

  • Proven experience developing strategies and successfully rolling them out across multiple member firms, including adapting for regulatory and operational differences, and building strong senior level relationships to drive alignment, adoption, and sustained execution. 
  • Demonstrated experience evaluating emerging technologies, particularly AI/LLM assisted development and integrating them into DevSecOps practices by defining secure development guardrails, aligning with developer workflows, and ensuring secure by design coding practices in modern CI/CD environments.
  • Experience in leading and implementing complex, cross‑organizational cybersecurity programs that delivered measurable risk reduction and improved organizational resilience.
  • Proven track record managing global programs and distributed teams (10+ FTEs and large budgets).
  • Deep knowledge of ISO 27001, SSDLC best practices, secure coding, DevSecOps, threat modelling, and secure CI/CD patterns.
  • Hands‑on familiarity with cloud security (AWS/Azure/GCP), application security tools (SAST/DAST/SCA), and security automation.
  • Experience aligning security programs with GRC processes and preparing evidence for audits and certifications.
  • Excellent stakeholder management, written/verbal communication, and executive presence.
  • Strong program management skills and experience delivering transformational change in complex organizations.

Preferred:

 

  • CISSP, CISM, CSSLP, or ISO 27001 Lead Implementer/Auditor certifications.
  • Experience with large professional services or multi‑national enterprise environments.
  • Familiarity with regulatory programs and other frameworks (e.g., NIS2, GDPR) is an advantage.
  • Current experience in a role supporting Deloitte Global (DTTL) is preferred.

 

 

 

 

 

Our culture

 

At Deloitte Global people are valued and respected for who they are – with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.

 

Recruiting for this role ends on 08/02/2026.


 
Deloitte Global is required by local law to include a reasonable estimate of the compensation range for this role for individuals applying to work in our Edmonton, Toronto, Saint John, Halifax and Ottawa locations. This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and delivery model. We would not anticipate that the individual hired into this role would land at or near the top end of the range, but such a decision will be dependent on the facts and circumstances of each case. A reasonable estimate of the range is - for individuals applying to work in these locations.  
