Jobs · Information Technology · Tennessee

Technical Cyber Risk Assessment Manager

Deloitte · Hermitage, TN · 3 wk ago
HybridInformation TechnologyFull-time

About the role

The Technical Cyber Risk Assessment Manager will oversee end-to-end technical risk assessments, validate control effectiveness, provide expert guidance, and collaborate with various teams to ensure security controls are implemented effectively.

Responsibilities

  • Perform in-depth technical cybersecurity risk assessments across cloud, identity, network, infrastructure, applications, and platforms.
  • Validate actual control effectiveness by reviewing live configurations, security tooling outputs, logs, and architecture implementations.
  • Provide expert challenge and guidance to DT teams on control design gaps, compensating controls, and risk reduction options.
  • Oversee end-to-end technical risk assessments, ensuring risks are identified, findings appropriately communicated / acknowledged and risk treatment agreed and documented with all DT stakeholders.
  • Work with Cybersecurity Architects to apply DT reference architectures and validate that deployed solutions align to design intent, patterns, and standards.
  • Collaborate with the Deloitte Cyber Threat Intelligence (DCTI) and Security Operations Center (SOC) teams to evaluate how effective deployed controls are against real threats, incidents, peer-industry threat intelligence, and emerging TTPs.
  • Escalate material threats or misconfigurations to DT leadership and support the design of effective remediation and mitigation strategies.
  • Stay current on cybersecurity threats, vulnerabilities, emerging technologies, and relevant regulations/standards (e.g., NIST CSF 2.0, ISO 27001/27002, SOC 2).
  • Maintain strong documentation discipline aligned with Deloitte’s Technology GRC requirements.
  • Build and maintain strong relationships with Security Architecture & Engineering, Shared Cyber Services, Global Business Services, Member Firm Services, and Technology leadership teams.
  • Translate complex technical issues into clear, business-oriented narratives for senior stakeholders.
  • Facilitate risk treatment discussions and negotiate realistic remediation solutions.
  • Produce clear, technically rigorous, and publication-ready risk assessment reports suitable for distribution across Deloitte’s global member firms.
  • Translate complex technical findings into concise, structured, business-relevant narratives that can be understood by engineering teams, leadership, and non-technical stakeholders.
  • Ensure reports meet Deloitte’s Technology GRC requirements, including defensible evidence, consistent risk ratings, traceability, and clear remediation guidance.
  • Act as a knowledge-sharing catalyst by contributing high-quality documentation, reusable assessment artefacts, and thought leadership to the global cybersecurity community within Deloitte.

Requirements

  • Strong technical experience across cloud (Azure/AWS/GCP), identity platforms, infrastructure, network security, endpoint security, and/or application security.
  • Proven ability to perform hands-on technical assessment and configuration review, not just policy audits.
  • Strong grounding in cybersecurity risk management practices and control frameworks (NIST CSF, ISO/IEC 27001/27002, ISO/IEC 27005).
  • Experience working with security operations, threat intelligence, and architecture teams.
  • Ability to influence engineering teams and negotiate practical control improvements.
  • Strong documentation, analytical, and communication skills suitable for senior and executive audiences.
  • Experience in large, global, complex technology environments (preferably similar to Deloitte’s scale).

Qualifications

  • Relevant security certifications (CISSP, CISM, CRISC, CCSP, ISO 27001 Lead Auditor/Implementer).
  • Familiarity with FAIR quantitative risk modelling.
  • Experience with IaC security (Terraform), CI/CD pipelines, cloud native security services, and DevSecOps practices.
  • Exposure to multi-cloud security architectures and Zero Trust.

Desirable

  • Relevant security certifications (CISSP, CISM, CRISC, CCSP, ISO 27001 Lead Auditor/Implementer).
  • Familiarity with FAIR quantitative risk modelling.
  • Experience with IaC security (Terraform), CI/CD pipelines, cloud native security services, and DevSecOps practices.
  • Exposure to multi-cloud security architectures and Zero Trust.

Pay

Deloitte Global is required by local law to include a reasonable estimate of the compensation range for this role for individuals applying to work in our [Open Cities Requiring Pay Disclosure] locations. This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and delivery model. We would not anticipate that the individual hired into this role would land at or near the top end of the range, but such a decision will be dependent on the facts and circumstances of each case. A reasonable estimate of the range is - for individuals applying to work in these locations.

Schedule

Not specified.

Similar jobs