
 

Technical Cyber Risk Assessment Manager

 

 

Reference Code 1879

 

Country: United States (US)

US Locations: USA - Hermitage; USA - Nashville; USA - Tampa

 

 

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

 

Work you'll do

 

The Technical Cyber Risk Assessment Manager will be responsible for the following:

 

  • Perform in‑depth technical cybersecurity risk assessments across cloud, identity, network, infrastructure, applications, and platforms.
  • Validate actual control effectiveness by reviewing live configurations, security tooling outputs, logs, and architecture implementations.
  • Provide expert challenge and guidance to DT teams on control design gaps, compensating controls, and risk reduction options.
  • Oversee end‑to‑end technical risk assessments, ensuring risks are identified, findings are appropriately communicated and acknowledged, and risk treatment is agreed and documented with all DT stakeholders.
  • Provide oversight and technical assurance on the implementation of security controls within DT infrastructure, platforms, cloud, identity, and endpoint technologies.
  • Work with Cybersecurity Architects to apply DT reference architectures and validate that deployed solutions align to design intent, patterns, and standards.
  • Collaborate with the Deloitte Cyber Threat Intelligence (DCTI) and Security Operations Center (SOC) teams to evaluate how effective deployed controls are against real threats, incidents, peer‑industry threat intelligence, and emerging TTPs.
  • Escalate material threats or misconfigurations to DT leadership and support the design of effective remediation and mitigation strategies.
  • Stay current on cybersecurity threats, vulnerabilities, emerging technologies, and relevant regulations/standards (e.g., NIST CSF 2.0, ISO 27001/27002, SOC 2).
  • Monitor threat intelligence sources, industry reports, and community research to identify risks relevant to Deloitte’s environment.
  • Advise leadership on trends that require updates to controls, processes, playbooks, or preparedness activities.
  • Conduct formal technology security risk assessments using Deloitte-aligned methodologies and industry standards (ISO 27005, NIST CSF, FAIR where appropriate).
  • Ensure risks are clearly documented, rated, tracked, and communicated with stakeholders, including risk acceptance or remediation plans.
  • Maintain strong documentation discipline aligned with Deloitte’s Technology GRC requirements.
  • Build and maintain strong relationships with Security Architecture & Engineering, Shared Cyber Services, Global Business Services, Member Firm Services, and Technology leadership teams.
  • Translate complex technical issues into clear, business‑orientated narratives for senior stakeholders.
  • Facilitate risk treatment discussions and negotiate realistic remediation solutions.
  • Produce clear, technically rigorous, and publication‑ready risk assessment reports suitable for distribution across Deloitte’s global member firms.
  • Translate complex technical findings into concise, structured, business‑relevant narratives that can be understood by engineering teams, leadership, and non‑technical stakeholders.
  • Ensure reports meet Deloitte’s Technology GRC requirements, including defensible evidence, consistent risk ratings, traceability, and clear remediation guidance.
  • Act as a knowledge‑sharing catalyst by contributing high‑quality documentation, reusable assessment artefacts, and thought leadership to the global cybersecurity community within Deloitte.

 

The team

 

 

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in what is but rather what can be to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

 

 

 

Qualifications

 

 

Do you possess the following?

 

•    Strong technical experience across cloud (Azure/AWS/GCP), identity platforms, infrastructure, network security, endpoint security, and/or application security.
•    Proven ability to perform hands-on technical assessment and configuration review, not just policy audits.
•    Strong grounding in cybersecurity risk management practices and control frameworks (NIST CSF, ISO/IEC 27001/27002, ISO/IEC 27005).
•    Experience working with security operations, threat intelligence, and architecture teams.
•    Ability to influence engineering teams and negotiate practical control improvements.
•    Strong documentation, analytical, and communication skills suitable for senior and executive audiences.
•    Experience in large, global, complex technology environments (preferably similar to Deloitte’s scale).

Desirable:

•    Relevant security certifications (CISSP, CISM, CRISC, CCSP, ISO 27001 Lead Auditor/Implementer).
•    Familiarity with FAIR quantitative risk modelling.
•    Experience with IaC security (Terraform), CI/CD pipelines, cloud native security services, and DevSecOps practices.
•    Exposure to multi‑cloud security architectures and Zero Trust.

 

 

 

Our culture

 

At Deloitte Global people are valued and respected for who they are – with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.

 

Professional development

 

From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

 

Benefits

 

At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.

 

Recruiting for this role ends on 02/01/2026.

 

Deloitte Global is required by local law to include a reasonable estimate of the compensation range for this role for individuals applying to work in our [Open Cities Requiring Pay Disclosure] locations. This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and delivery model. We would not anticipate that the individual hired into this role would land at or near the top end of the range, but such a decision will be dependent on the facts and circumstances of each case. A reasonable estimate of the range is - for individuals applying to work in these locations.  
