Analyst, Business Information Security (BIS), Deloitte Global Technology
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Deloitte Global Technology seeks a Business Information Security Analyst to oversee security posture of applications and systems, ensuring compliance with cybersecurity policies. The role requires 3+ years of cybersecurity experience, cloud security knowledge, and strong communication skills.
Key Skills for This Role
Responsibilities
- Understand the assigned global line of business, gain familiarity with priorities and become an advocate for the line of business within cybersecurity
- Drive organizational change and work with multiple business units of a large organization to effect change
- Oversee and help drive design and implementation of application security controls in support of compliance requirements using secure design and development methodologies
- Support the Secure Systems Development Lifecycle (SSDLC), including functional and non functional cybersecurity requirements
- Strive for process improvement and automation; help development and operations team build automation for repeatable Cyber related vulnerability management activities
- Maintain awareness of evolving application security threats and inform development, business, and risk stakeholders
- Provide application specific security subject matter expertise to assigned customers
- Evaluate the likelihood and impact of application vulnerabilities; develop and drive mitigation approaches
- Lead, coach, and mentor project teams to incorporate security into enterprise and client facing applications
Requirements
- At least 3 years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client service experience in the field
- Demonstrated ability to drive organizational change and work with multiple business units of a large organization
- Exceptional verbal and written communication skills
- Experience with cloud security principles and functions
- Solid capabilities across multiple security domains such as IAM, public key encryption, SIEM, incident response, threat & vulnerability management
- Familiarity with SOC 2 principles
- Experience conducting or managing application penetration testing
- Experience in software development, security architecture, and/or application security
- Experience with Agile practices, SCRUM, Microsoft SDL, and STRIDE
Full Job Posting
Our Purpose
- At Deloitte, our Purpose is to make an impact that matters.
- We exist to inspire and help our people, organizations, communities, and countries to thrive by building a better future.
What will your typical day look like?
- As an Analyst within the Business Information Security area, you’ll work closely with both technical and non technical stakeholders within an assigned line of business or technology enablement area providing the best possible support across a range of cybersecurity, risk, and risk mitigation discipl
- The Analyst is expected to ensure that all applications and systems aligned to their line of business adhere to internal cybersecurity policies, standards, escalating any non compliance up to the associated Business Information Security Officer (BISO).
- This role is responsible for overseeing the security posture of all their assigned business/technology area’s applications and systems by ensuring security is embedded from the start.
Responsibilities include
- Understand the assigned global line of business, gain familiarity with priorities and become an advocate for the line of business within cybersecurity.
- Drive organizational change and work with multiple business units of a large organization to effect change.
- Oversee and help drive design and implementation of application security controls in support of compliance requirements using secure design and development methodologies.
- Support the Secure Systems Development Lifecycle (SSDLC), including functional and non functional cybersecurity requirements.
- Strive for process improvement and automation; help development and operations team build automation for repeatable Cyber related vulnerability management activities.
- Maintain awareness of evolving application security threats and inform development, business, and risk stakeholders.
- Provide application specific security subject matter expertise to assigned customers.
- Evaluate the likelihood and impact of application vulnerabilities; develop and drive mitigation approaches.
- Lead, coach, and mentor project teams to incorporate security into enterprise and client facing applications.
Required
- At least 3 years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client service experience in the field.
- Demonstrated ability to drive organizational change and work with multiple business units of a large organization to effect change.
- Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tact.
- Experience with cloud security principles and functions.
- Solid capabilities across multiple security domains such as identity and access management (IAM), public key encryption, security information and event management (SIEM), incident response, threat & vulnerability management
Preferred
- Familiarity with SOC 2 principles; experience in application security to meet SOC 2 requirements
- Experience conducting or managing application penetrating testing
- Experience in software development, security architecture, and/or application security
- Experience with Agile practices, SCRUM, Microsoft SDL, and STRIDE
Total Rewards
- The salary range for this position is CAD 69,000 CAD 114,000, and individuals may be eligible to participate in our bonus program.
- Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Deloitte
ServiceNow Product and Delivery Manager, Deloitte Global Technology
Toronto, CAN
Deloitte Global Technology is seeking a ServiceNow Product and Delivery Manager to drive end-to-end ServiceNow solution delivery for global member firms. The role involves leading delivery teams, owning the product roadm
Manager | Risk, Regulatory & Forensic
Saudi Arabia, KSA
Location Riyadh Manager | Risk, Regulatory & Forensic| Regulatory & Financial Risk When you work for us, you commit to a career at one of the largest and most prestigious profes...
First Nations/Inuit/Métis Candidates: Quality Engineering Analyst/Consultant - R8dius
Calgary, CAN
R8dius, an Indigenous majority-owned professional services firm, is seeking a Quality Engineering Analyst/Consultant to join their team. The role involves designing, developing, and testing technology-enabled solutions,
Manager | Risk, Regulatory & Forensic | Regulatory & Financial Risk | KSA
Riyadh, KSA
Deloitte is seeking a Manager for Risk, Regulatory & Forensic in Riyadh. The role involves operational risk management including framework governance, risk assessment, monitoring, incident management, validation, and rep
Sr Analyst / Manager, TMT, SR&ED (Vancouver)
Vancouver, CAN
Deloitte is seeking a Senior Analyst or Manager for its Global Investment and Innovation Incentives (Gi3) team in Vancouver. You will prepare SR&ED tax credit claims, manage client relationships, and support sales within
First Nations/Inuit/Métis Candidates: Quality Engineering Analyst/Consultant - R8dius
Ottawa, CAN
R8dius, an Indigenous majority-owned professional services business, is seeking a Quality Engineering Analyst/Consultant to help clients solve complex business and technology problems. This role involves designing, devel
Manager | Risk, Regulatory & Forensic | Regulatory & Financial Risk | KSA
الرياض, KSA
Deloitte is seeking a Manager for its Risk, Regulatory & Forensic practice in Riyadh. The role involves leading operational risk management engagements, including framework governance, risk assessments, and incident mana
Senior Manager, Technology Procurement, Global CoRe Procurement
Toronto, CAN
Deloitte Global seeks a Senior Manager of Technology Procurement to lead global category strategy, sourcing, negotiations, and contracting for SaaS, Cloud, and AI. You will manage a team, run multiple negotiations, and m
ServiceNow Product and Delivery Manager, Deloitte Global Technology
Toronto, CAN
Manager | Risk, Regulatory & Forensic
Saudi Arabia, KSA
First Nations/Inuit/Métis Candidates: Quality Engineering Analyst/Consultant - R8dius
Calgary, CAN
Manager | Risk, Regulatory & Forensic | Regulatory & Financial Risk | KSA
Riyadh, KSA
Sr Analyst / Manager, TMT, SR&ED (Vancouver)
Vancouver, CAN
First Nations/Inuit/Métis Candidates: Quality Engineering Analyst/Consultant - R8dius
Ottawa, CAN
Manager | Risk, Regulatory & Forensic | Regulatory & Financial Risk | KSA
الرياض, KSA
Senior Manager, Technology Procurement, Global CoRe Procurement
Toronto, CAN