Technical Cyber Risk Assessment Manager
About the role
The Technical Cyber Risk Assessment Manager will oversee end-to-end technical risk assessments, validate control effectiveness, provide expert guidance, and collaborate with various teams to ensure security controls are implemented effectively.
Responsibilities
- Perform in-depth technical cybersecurity risk assessments across cloud, identity, network, infrastructure, applications, and platforms.
- Validate actual control effectiveness by reviewing live configurations, security tooling outputs, logs, and architecture implementations.
- Provide expert challenge and guidance to DT teams on control design gaps, compensating controls, and risk reduction options.
- Oversee end-to-end technical risk assessments, ensuring risks are identified, findings appropriately communicated / acknowledged and risk treatment agreed and documented with all DT stakeholders.
- Work with Cybersecurity Architects to apply DT reference architectures and validate that deployed solutions align to design intent, patterns, and standards.
- Collaborate with the Deloitte Cyber Threat Intelligence (DCTI) and Security Operations Center (SOC) teams to evaluate how effective deployed controls are against real threats, incidents, peer-industry threat intelligence, and emerging TTPs.
- Escalate material threats or misconfigurations to DT leadership and support the design of effective remediation and mitigation strategies.
- Stay current on cybersecurity threats, vulnerabilities, emerging technologies, and relevant regulations/standards (e.g., NIST CSF 2.0, ISO 27001/27002, SOC 2).
- Maintain strong documentation discipline aligned with Deloitte’s Technology GRC requirements.
- Build and maintain strong relationships with Security Architecture & Engineering, Shared Cyber Services, Global Business Services, Member Firm Services, and Technology leadership teams.
- Translate complex technical issues into clear, business-oriented narratives for senior stakeholders.
- Facilitate risk treatment discussions and negotiate realistic remediation solutions.
- Produce clear, technically rigorous, and publication-ready risk assessment reports suitable for distribution across Deloitte’s global member firms.
- Translate complex technical findings into concise, structured, business-relevant narratives that can be understood by engineering teams, leadership, and non-technical stakeholders.
- Ensure reports meet Deloitte’s Technology GRC requirements, including defensible evidence, consistent risk ratings, traceability, and clear remediation guidance.
- Act as a knowledge-sharing catalyst by contributing high-quality documentation, reusable assessment artefacts, and thought leadership to the global cybersecurity community within Deloitte.
Requirements
- Strong technical experience across cloud (Azure/AWS/GCP), identity platforms, infrastructure, network security, endpoint security, and/or application security.
- Proven ability to perform hands-on technical assessment and configuration review, not just policy audits.
- Strong grounding in cybersecurity risk management practices and control frameworks (NIST CSF, ISO/IEC 27001/27002, ISO/IEC 27005).
- Experience working with security operations, threat intelligence, and architecture teams.
- Ability to influence engineering teams and negotiate practical control improvements.
- Strong documentation, analytical, and communication skills suitable for senior and executive audiences.
- Experience in large, global, complex technology environments (preferably similar to Deloitte’s scale).
Qualifications
- Relevant security certifications (CISSP, CISM, CRISC, CCSP, ISO 27001 Lead Auditor/Implementer).
- Familiarity with FAIR quantitative risk modelling.
- Experience with IaC security (Terraform), CI/CD pipelines, cloud native security services, and DevSecOps practices.
- Exposure to multi-cloud security architectures and Zero Trust.
Desirable
- Relevant security certifications (CISSP, CISM, CRISC, CCSP, ISO 27001 Lead Auditor/Implementer).
- Familiarity with FAIR quantitative risk modelling.
- Experience with IaC security (Terraform), CI/CD pipelines, cloud native security services, and DevSecOps practices.
- Exposure to multi-cloud security architectures and Zero Trust.
Pay
Deloitte Global is required by local law to include a reasonable estimate of the compensation range for this role for individuals applying to work in our [Open Cities Requiring Pay Disclosure] locations. This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and delivery model. We would not anticipate that the individual hired into this role would land at or near the top end of the range, but such a decision will be dependent on the facts and circumstances of each case. A reasonable estimate of the range is - for individuals applying to work in these locations.
Schedule
Not specified.