Jobs · Engineering · Tennessee

Technical Cyber Risk Assessment Manager

Deloitte · Nashville, TN · 7 mo ago
EngineeringFull-time

About the role

The Technical Cyber Risk Assessment Manager will oversee end-to-end technical risk assessments, ensuring risks are identified, findings appropriately communicated / acknowledged and risk treatment agreed and documented with all DT stakeholders. They will also provide oversight and technical assurance on the implementation of security controls within DT infrastructure, platforms, cloud, identity, and endpoint technologies.

Responsibilities

  • Perform in-depth technical cybersecurity risk assessments across cloud, identity, network, infrastructure, applications, and platforms.
  • Validate actual control effectiveness by reviewing live configurations, security tooling outputs, logs, and architecture implementations.
  • Provide expert challenge and guidance to DT teams on control design gaps, compensating controls, and risk reduction options.
  • Oversee end-to-end technical risk assessments, ensuring risks are identified, findings appropriately communicated / acknowledged and risk treatment agreed and documented with all DT stakeholders.
  • Work with Cybersecurity Architects to apply DT reference architectures and validate that deployed solutions align to design intent, patterns, and standards.
  • Collaborate with the Deloitte Cyber Threat Intelligence (DCTI) and Security Operations Center (SOC) teams to evaluate how effective deployed controls are against real threats, incidents, peer-industry threat intelligence, and emerging TTPs.
  • Escalate material threats or misconfigurations to DT leadership and support the design of effective remediation and mitigation strategies.
  • Stay current on cybersecurity threats, vulnerabilities, emerging technologies, and relevant regulations/standards (e.g., NIST CSF 2.0, ISO 27001/27002, SOC 2).
  • Maintain strong documentation discipline aligned with Deloitte’s Technology GRC requirements.
  • Build and maintain strong relationships with Security Architecture & Engineering, Shared Cyber Services, Global Business Services, Member Firm Services, and Technology leadership teams.
  • Translate complex technical issues into clear, business-oriented narratives for senior stakeholders.
  • Facilitate risk treatment discussions and negotiate realistic remediation solutions.
  • Produce clear, technically rigorous, and publication-ready risk assessment reports suitable for distribution across Deloitte’s global member firms.
  • Translate complex technical findings into concise, structured, business-relevant narratives that can be understood by engineering teams, leadership, and non-technical stakeholders.
  • Ensure reports meet Deloitte’s Technology GRC requirements, including defensible evidence, consistent risk ratings, traceability, and clear remediation guidance.
  • Act as a knowledge-sharing catalyst by contributing high-quality documentation, reusable assessment artefacts, and thought leadership to the global cybersecurity community within Deloitte.

Qualifications

  • Strong technical experience across cloud (Azure/AWS/GCP), identity platforms, infrastructure, network security, endpoint security, and/or application security.
  • Proven ability to perform hands-on technical assessment and configuration review, not just policy audits.
  • Strong grounding in cybersecurity risk management practices and control frameworks (NIST CSF, ISO/IEC 27001/27002, ISO/IEC 27005).
  • Experience working with security operations, threat intelligence, and architecture teams.
  • Ability to influence engineering teams and negotiate practical control improvements.
  • Strong documentation, analytical, and communication skills suitable for senior and executive audiences.
  • Experience in large, global, complex technology environments (preferably similar to Deloitte’s scale).

Desirable

  • Relevant security certifications (CISSP, CISM, CRISC, CCSP, ISO 27001 Lead Auditor/Implementer).
  • Familiarity with FAIR quantitative risk modelling.
  • Experience with IaC security (Terraform), CI/CD pipelines, cloud native security services, and DevSecOps practices.
  • Exposure to multi-cloud security architectures and Zero Trust.

Benefits

At Deloitte Global, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.

Similar jobs