Cloud Security and Compliance Lead - Deloitte Global Technology

Job Type : Permanent

Work Model : Remote

Reference code : 126655

Primary Location : Toronto, ON

All Available Locations : Toronto, ON

Our Purpose

At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge.

Purpose defines who we are and gives us reason to exist as an organization.

By living our Purpose, we will make an impact that matters.

• Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness.
• Experience a firm where wellness matters.
• Be expected to share your ideas and to make them a reality.

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives.

We deliver strategic programs and services that unite our organization.

What will your typical day look like?

The Cloud Security and Compliance Lead (Manager) will be responsible for overseeing the security and compliance posture of Deloitte's Commercial Cloud and Cloud Managed Services organization in Deloitte Technology.

This includes defining and overseeing the effectiveness of process controls to ensure compliance with internal (e.g. GTOM) and external (e.

g., SOC2 T2, ISO270xx) requirements and managing related metrics and reporting. You will also be the primary interface between the Deloitte Commercial Cloud organization and various internal risk and controls teams including Cyber, Risk and Internal Audit.

Roles and Responsibilities (including but not limited to) :

Collaborate with Deloitte Commercial Cloud leads to define and document security controls related to software engineering, service delivery operations and collaboration with other internal teams (e.

g., GCS Networking and other Infrastructure teams)

• Perform regular reviews of documented security controls to establish an overall view of the security and compliance posture of the Deloitte Commercial Cloud organization.
• Lead the implementation of improvements to address posture weaknesses.
• Report directly to Deloitte Commercial Cloud Leadership on significant risk issues impacting the security and compliance posture of the organization disruptions (on-call / available as needed to address significant, unplanned events)
• Collaborate with risk & controls teams across the firm to ensure ongoing compliance with Deloitte's policy requirements
• Perform periodic compliance reviews with application teams using the Deloitte Commercial Cloud services to validate continuous compliance with Deloitte's policy requirements including application security, infrastructure security and patching, privacy reviews and other relevant topics
• Produce regular reports to describe the overall security and compliance posture of the Deloitte Commercial Cloud organization and of application teams utilizing cloud hosting services and present directly to leadership
• Oversee all activities related to the upkeep of external certifications including SOC2 T2 and ISO270xx
• Institute and oversee access management and review protocols across the Deloitte Commercial Cloud organization and report on anomalous findings or non-responsive teams
• Track the resolution and disposition of all security issues identified during assessments and reviews
• Participate in and provide expert consultation to select committees and membership groups related to cybersecurity and IT controls

About the team

Deloitte Global Technology works at the forefront of technology development and processes to support and protect Deloitte around the world.

In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Enough about us, let's talk about you

• Bachelor's Degree in Computer Science, or related; relevant industry certs. including CISSP, CISA, etc.
• Minimum five (5) years' experience in a technical or operational role with an information security focus
• Proficiency in performing risk and controls-related assessments in a cloud hosted environment
• Experience with security practices of infrastructure and cloud computing
• Experience performing application security and risk assessments
• Ability to manage multiple tasks and competing priorities with a strong sense of urgency and the ability to shift tasks in fast-paced work environment

Total Rewards

The salary range for this position is $85,000 - $156,000, and individuals may be eligible to participate in our bonus program.

Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels.

Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.

Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth.

Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization.

Some representative examples include : $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, 38+ days off (including 10 firm-wide closures known as "Deloitte Days"), flexible work arrangements and a hybrid work structure.

Our promise to our people : Deloitte is where potential comes to life.

Be yourself, and more.

We are a group of talented people who want to learn, gain experience, and develop skills. Wherever you are in your career, we want you to advance.

You shape how we make impact.

Diverse perspectives and life experiences make us better. Whoever you are and wherever you're from, we want you to feel like you belong here.

We provide flexible working options to support you and how you can contribute. Be the leader you want to be.

Be the leader you want to be

Some guide teams, some change culture, some build essential expertise. We offer opportunities and experiences that support your continuing growth as a leader.

Have as many careers as you want.

We are uniquely able to offer you new challenges and roles - and prepare you for them. We bring together people with unique experiences and talents, and we are the place to develop a lasting network of friends, peers, and mentors.

Our TVP is about relationships - between leaders and their people, the firm and its people, peers, and within in our communities.