Technical Cyber Risk Assessment Manager, Deloitte Global Technology

Canada
$85,000-156,000 per year
Permanent
Full-time

21 days ago

We use cookies to offer you the best possible website experience. Your cookie preferences will be stored in your browser's local storage. This includes cookies necessary for the website's operation. Additionally, you can freely decide and change any time whether you accept cookies or choose to opt out of cookies to improve website's performance, as well as cookies used to display content tailored to your interests. Your experience of the site and the services we are able to offer may be impacted if you do not accept all cookies. Modify Cookie PreferencesReject All Cookies Accept All CookiesSearch JobsSearch JobsJob DescriptionApply nowStartPlease wait...Job Title: Technical Cyber Risk Assessment Manager, Deloitte Global TechnologyPosting Start Date: 3/18/26Job Description:--Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.What will your typical day look like?The Technical Cyber Risk Assessment Manager will be responsible for the following:

Perform in-depth technical cybersecurity risk assessments across cloud, identity, network, infrastructure, applications, and platforms.
Validate actual control effectiveness by reviewing live configurations, security tooling outputs, logs, and architecture implementations.
Provide expert challenge and guidance to DT teams on control design gaps, compensating controls, and risk reduction options.
Oversee end-to-end technical risk assessments, ensuring risks are identified, findings appropriately communicated / acknowledged and risk treatment agreed and documented with all DT stakeholders.
Provide oversight and technical assurance on the implementation of security controls within DT infrastructure, platforms, cloud, identity, and endpoint technologies.
Work with Cybersecurity Architects to apply DT reference architectures and validate that deployed solutions align to design intent, patterns, and standards.
Collaborate with the Deloitte Cyber Threat Intelligence (DCTI) and Security Operations Center (SOC) teams to evaluate how effective deployed controls are against real threats, incidents, peer-industry threat intelligence, and emerging TTPs.
Escalate material threats or misconfigurations to DT leadership and support the design of effective remediation and mitigation strategies.
Stay current on cybersecurity threats, vulnerabilities, emerging technologies, and relevant regulations/standards (e.g., NIST CSF 2.0, ISO 27001/27002, SOC 2).
Monitor threat intelligence sources, industry reports, and community research to identify risks relevant to Deloitte's environment.
Advise leadership on trends that require updates to controls, processes, playbooks, or preparedness activities.
Conduct formal technology security risk assessments using Deloitte-aligned methodologies and industry standards (ISO 27005, NIST CSF, FAIR where appropriate).
Ensure risks are clearly documented, rated, tracked, and communicated with stakeholders, including risk acceptance or remediation plans.
Maintain strong documentation discipline aligned with Deloitte's Technology GRC requirements.
Build and maintain strong relationships with Security Architecture & Engineering, Shared Cyber Services, Global Business Services, Member Firm Services, and Technology leadership teams.
Translate complex technical issues into clear, business-orientated narratives for senior stakeholders.
Facilitate risk treatment discussions and negotiate realistic remediation solutions.
Produce clear, technically rigorous, and publication-ready risk assessment reports suitable for distribution across Deloitte's global member firms.
Translate complex technical findings into concise, structured, business-relevant narratives that can be understood by engineering teams, leadership, and non-technical stakeholders.
Ensure reports meet Deloitte's Technology GRC requirements, including defensible evidence, consistent risk ratings, traceability, and clear remediation guidance.
Act as a knowledge-sharing catalyst by contributing high-quality documentation, reusable assessment artefacts, and thought leadership to the global cybersecurity community within Deloitte.

About the teamDeloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.Enough about us, let's talk about youDo you possess the following?:

Strong technical experience across cloud (Azure/AWS/GCP), identity platforms, infrastructure, network security, endpoint security, and/or application security.
Proven ability to perform hands-on technical assessment and configuration review, not just policy audits.
Strong grounding in cybersecurity risk management practices and control frameworks (NIST CSF, ISO/IEC 27001/27002, ISO/IEC 27005).
Experience working with security operations, threat intelligence, and architecture teams.
Ability to influence engineering teams and negotiate practical control improvements.
Strong documentation, analytical, and communication skills suitable for senior and executive audiences.
Experience in large, global, complex technology environments (preferably similar to Deloitte's scale).

Desirable:

Relevant security certifications (CISSP, CISM, CRISC, CCSP, ISO 27001 Lead Auditor/Implementer).
Familiarity with FAIR quantitative risk modelling.
Experience with IaC security (Terraform), CI/CD pipelines, cloud native security services, and DevSecOps practices.
Exposure to multi-cloud security architectures and Zero Trust.

Total RewardsThe salary range for this position is $85,000 - $156,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth. Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. On top of our regular paid vacation days, some examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, firm-wide closures known as "Deloitte Days", dedicated days of for learning (known as Development and Innovation Days), flexible work arrangements and a hybrid work structure.Apply nowStartPlease wait...Get connectedServicesIndustriesCareersLegalConnect© 2024. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.×Cookie Consent ManagerWhen you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.Required CookiesThese cookies are required to use this website and can't be turned off.Show More DetailsRequired Cookies Provider Description Enabled
SAP as service providerWe use the following session cookies, which are all required to enable the website to function:

"route" is used for session stickiness
"careerSiteCompanyId" is used to send the request to the correct data center
"JSESSIONID" is placed on the visitor's device during the session so the server can identify the visitor
"Load balancer cookie" (actual cookie name may vary) prevents a visitor from bouncing from one instance to another

Functional CookiesThese cookies provide a better customer experience on this site, such as by remembering your login details, optimizing video performance, or providing us with information about how our site is used. You may freely choose to accept or decline these cookies at any time. Note that certain functionalities that these third-parties make available may be impacted if you do not accept these cookies.Show More DetailsFunctional Cookies Provider Description Enabled
YouTubeYouTube is a video-sharing service where users can create their own profile, upload videos, watch, like, and comment on videos. Opting out of YouTube cookies will disable your ability to watch or interact with YouTube videos.Advertising CookiesThese cookies serve ads that are relevant to your interests. You may freely choose to accept or decline these cookies at any time. Note that certain functionality that these third parties make available may be impacted if you do not accept these cookies.Show More DetailsAdvertising Cookies Provider Description Enabled
LinkedInLinkedIn is an employment-oriented social networking service. We use the Apply with LinkedIn feature to allow you to apply for jobs using your LinkedIn profile. Opting out of LinkedIn cookies will disable your ability to use Apply with LinkedIn.AddThisGoogle Analytics is a web analytics service offered by Google that tracks and reports website traffic.

Deloitte

Apply Now