Sr. Information Security Analyst

Deloitte Services LP provides a wide variety of internal support services to Deloitte LLP and its subsidiaries and their people. Deloitte Services LP is comprised of Operations, Financial Support Services, Information Technology, Marketing & Communications, Human Resources and more. As with all the businesses within Deloitte LLP and its subsidiaries, a core set of competencies is associated with each of these businesses. An overall understanding of quality client service, a proven track record of working in multifunctional teams and across multiple geographies, strong business acumen and the instinct to think and act globally are essential for advancement within Deloitte Services LP.
 
Job Overview & Key Relationships:
The Information Security Architect is responsible for information technology security controls design, review, and consultation for groups within and outside ITS; the individual has a deep awareness of current and developing security technologies and architectures to support
research and recommendations. This person will work closely with management, other team members, development teams, business analysts, and end users to ensure data protection for systems used by all areas of the organization.
 
Responsibilities:
- Independently, or through leading other staff, design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical, and control requirements.
- Provide professional consultation and guidance to ITS, Federal Security, and other teams' members regarding security aspects and implications of technical design elements of architecture or configurations.
- Formulate and recommend the strategic technical security directions for ITS in collaboration with other teams. Support development of business plans, strategies, policies, standards, processes and procedures to enable security and compliance.
- Enable the implementation and enforcement of the US Firms' security policies through
escalation of issues to appropriate management and tracking of outcomes and timelines.
- Identify, review and document potential future-use security products, architectures and technologies. Pro-actively research new and upcoming security products, architectures and technologies; make determinations regarding the potential usefulness of these in the existing and planned environment. Clearly document the rationale behind recommendations for management review.
- Represent IRC in a variety of information security and project issues. Develop, recommend and assess methods to remediate identified security control concerns.
- Guide and train Security Analysts to increase their knowledge and skill regarding advanced security techniques and methodologies, and convey current, new or potential regulatory requirements for information security. 

- Bachelor's degree (information technology, computer science, or related fields preferred), or equivalent professional experience and/or
qualifications.
- Five (5) years of information security experience of increasing complexity; a minimum of three (3) years must be hand-on, deep and progressive experience in the implementation of information security engineering projects; systems analysis, design and programming; or detailed systems planning.
- Active US DoD Top Secret security clearance or the ability to obtain a US DoD Top Secret security clearance required.
- Working knowledge of and ability to determine appropriate application of US Federal government requirements for classified and unclassified systems and data handling.
- Solid understanding of IP communications protocols combined with working end-to-end knowledge of at least one current commercial product in each of the following areas:
Message Transfer Agent (e.g. Lotus Notes, Microsoft Exchange, SendMail)
Collaboration tool (e.g. Microsoft SharePoint, eRoom)
Server operating system (e.g. Windows Server 2003/2008, UNIX/Linux)
Virtualization
software (e.g. VMware, Microsoft Virtual Server)
Encryption software (e.g. Microsoft PKI, PGP)
- Good understanding of networked systems interrelationships, systems administration techniques and practices at the data center/enterprise level, system diagnostic techniques.
- Knowledge of networking (WAN, LAN, wLAN), network domains (Internet, intranet, DMZ), IP communication techniques/protocols, and their combined effects on network and host systems security. Understanding of firewall, IPS/IDS and proxy/load-balancer architecture.
- Possession of current CISSP certification preferred; equivalent knowledge required. Familiar with and able to apply time-proven, generally-accepted security methods, concepts and techniques as they relate to both the commercial and industrial security needs of the US Firms' business activities.
- Strong negotiation skills and ability to interact effectively with various levels of management and staff in both technical and business roles.  Able to
defuse situations, work around defensive attitudes, and deal with diverse personalities to achieve assignment objectives. Ability to articulate security policies, procedures and guidelines to all levels of management and staff.
- Ability to maintain awareness of local, national and international trends and developments in the area of security and ability to relate them to the needs of the Deloitte U.S. Firms. Ability to learn and retain new skills as required supporting a continually changing technical environment.
- Ability to travel occasionally (up to 25%) including international travel.
- Ability to occasionally work non-standard shifts and/or on-call to support the requirements of the organization.


About Deloitte

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Deloitte LLP and its subsidiaries are
equal opportunity employers.

Disclaimer: If you are not reviewing this job posting on our Careers’ site (careers.deloitte.com) or one of our approved job boards, we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at careers.deloitte.com.