Jobs · Engineering · New Jersey

Global Cybersecurity Policies & Standards & SSDLC Leader

Deloitte · Morristown, NJ · 3 mo ago
EngineeringFull-time

About the role

Lead Deloitte's Global Cybersecurity Policies & Standards Program and the Global Secure Software Development Life Cycle (SSDLC) Program. Own the development, maintenance, and enterprise roll-out of an authoritative suite of global cybersecurity policies and standards that map to key GRC and technology processes (SSDLC Optimization, Internal Automated Compliance Assessment, VCRA, ISO 27001).

Run the Global SSDLC program and its transformation to deliver consistent, trusted reviews across Member Firms and advance secure development practices organization-wide.

Responsibilities

  • Lead and own the end-to-end lifecycle (drafting, review, approval, publishing, maintenance) of Deloitte's Global Cybersecurity policies and standards.
  • Maintain and expand a mature, scalable suite of technical standards and implementation guidance, apply deep subject-matter expertise to set strategic and technical direction, drive stakeholder alignment and governance, ensure practical adoption across teams and vendors, and continuously evolve standards to address emerging risks and architectures.
  • Lead and refine Deloitte's Global SSDLC program requirements for Deloitte firm SSDLC teams.
  • Ensure consistent, risk-based application reviews across technology assets, redesign processes and tooling, leveraging automation to accelerate security review cycle times without reducing rigor, while enabling scalable, repeatable review pipelines.
  • Provide implementation guidance and escalation support as required to Deloitte firm SSDLC teams.
  • Lead and develop a team of specialists, set strategic direction and priorities, align resources and vendors to business objectives, establish governance and SLAs, track program performance and delivery, and drive continuous improvement to ensure outcomes are met.
  • Maintain technical documentation and comprehensive audit trails to ensure compliance, traceability, and readiness in support of audits.
  • Engage and influence senior stakeholders (Deloitte Firm CISOs and CTOs) to build strong relationships, understand and reconcile multiple perspectives, and drive initiatives forward to consensus through clear, compelling communication, strategic framing, and decisive stakeholder engagement.
  • Build and sustain trusted, visible relationships with Deloitte cybersecurity and technology teams, services owners/leaders, Deloitte Firm CISOs and CTOs to secure strategic buy-in; act as the go-to SME for Cybersecurity Policies and Standards and SSDLC programs - providing tailored, practical counsel that balances regulatory requirements with business priorities.
  • Drive alignment and adoption of Cybersecurity Policies and Standards and SSDLC requirements across matrixed Deloitte firm teams by using effective communication, engaging stakeholders in a timely manner helping reduce risk across the organization.
  • Proactively identify and implement scalable, technology-enabled approaches - including AI-driven automation and orchestration - to deliver standards faster, improve discoverability, and enable near-real-time updates and automated compliance checks.
  • Implement scalable, technology-enabled solutions to accelerate delivery, improve discoverability, enable near-real-time updates, and enable automated compliance checks.

Requirements

Proven experience developing strategies and successfully rolling them out across multiple member firms, including adapting for regulatory and operational differences, and building strong senior level relationships to drive alignment, adoption, and sustained execution.

Demonstrated experience evaluating emerging technologies, particularly AI/LLM assisted development and integrating them into DevSecOps practices by defining secure development guardrails, aligning with developer workflows, and ensuring secure by design coding practices in modern CI/CD environments.

Experience in leading and implementing complex, cross-organizational cybersecurity programs that delivered measurable risk reduction and improved organizational resilience.

Proven track record managing global programs and distributed teams (10+ FTEs and large budgets).

Deep knowledge of ISO 27001, SSDLC best practices, secure coding, DevSecOps, threat modelling, and secure CI/CD patterns.

Hands-on familiarity with cloud security (AWS/Azure/GCP), application security tools (SAST/DAST/SCA), and security automation.

Experience aligning security programs with GRC processes and preparing evidence for audits and certifications.

Excellent stakeholder management, written/verbal communication, and executive presence.

Strong program management skills and experience delivering transformational change in complex organizations.

Preferred

  • CISSP, CISM, CSSLP, or ISO 27001 Lead Implementer/Auditor certifications.
  • Experience with large professional services or multi-national enterprise environments.
  • Familiarity with regulatory programs and other frameworks (e.g., NIS2, GDPR) is an advantage.

Similar jobs