USI-EH25-Cyber Security-BISO Analyst-HYD

Cyber Security BISO Team works with the Deloitte Function Specific Subsidiaries (FSS) & Chief Information Security Officer (CISO) organization directly supporting Deloitte’s Enabling Areas portfolios. The role involves close integration with various internal leaders and teams, client-service leaders, technical and non-technical stakeholders to drive widespread cyber security program adoption.

The Business Information Security Officer (BISO) Analyst will work closely with the Application teams of various lines of businesses (LOB), including the Office of Chief Information Officer (OCIO). In this role, you will support a group/team to develop a deep understanding of the business to facilitate specialized information security risk-based discussions. This role requires a proactive individual with a keen eye for detail and a strong understanding of cybersecurity frameworks such as, ISO, NIST, CIS.

Key Responsibilities:

• Contribute to the ongoing development, implementation, and maintenance of information security initiatives.
• Possess a strong background in application development and/or application security, with knowledge of the Software Development Life Cycle (SDLC) from design, testing, deployment to post-production, and the different risk elements associated with each step.
• Serve as an Information Security subject matter expert and liaison with Information Security teams.
• Collaborate with application teams on information security critical priorities.
• Support the triage process with the application teams and help them understand the Information Security support structure.
• Display subject matter experience in application security, vulnerability testing & system testing.
• Prioritize vulnerabilities based on risk and potential impact.
• Collaborate with IT and security teams to develop and implement remediation plans.
• Track and verify the remediation of identified vulnerabilities.
• Prepare detailed reports on vulnerability findings and remediation status.
• Communicate findings to relevant stakeholders, including IT, security, and management teams.
• Stay up to date with the latest vulnerability trends, tools, and best practices.
• Recommend and implement improvements to the vulnerability management process.
• Assist in the investigation and response to security incidents related to vulnerabilities.
• Provide expertise in vulnerability exploitation and mitigation techniques.
• Ensure compliance with relevant regulations, standards, and policies related to vulnerability management.

Qualifications:

• Education:
• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• Experience:
• 1-2 years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
• 2-4 years of experience in vulnerability management, cybersecurity, or a related field.
• Experience with vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7).
• Technical Skills:
• Strong understanding of common vulnerabilities and exposure (CVE) and common vulnerability scoring system (CVSS).
• Knowledge of network and system security principles.
• Familiarity with operating systems (Windows, Linux, Unix) and network protocols.
• Certifications:
• Relevant certifications such as CompTIA Security+, CISSP, CEH, GIAC, or similar are preferred.
• Soft Skills:
• Excellent analytical and problem-solving skills.
• Strong communication skills, both written and verbal.
• Ability to work independently and as part of a team.
• Detail-oriented with a strong focus on accuracy and quality.
• Ability to work in a fast-paced environment and manage multiple tasks simultaneously.