Cyber Risk Management Jobs in Michigan (NOW HIRING)

Power and Utilities OT (Operational Technology) - Manager

Position Summary

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities?  If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Cyber team and become a member of the largest group of cybersecurity professionals worldwide.

Responsibilities:

• Identify and evaluate complex business and technology risks
• Develop remediation methods to mitigate risks
• Demonstrate problem solving, critical thinking and logical structuring skills
• Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
• Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
• Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
• Identify opportunities to improve engagement profitability and manage engagement economics
• Demonstrate ability to with identify and address client needs: building solid relationships with clients; developing an awareness of Firm services; communicating with the client in an organized and knowledgeable manner; delivering clear requests for information; demonstrating flexibility in prioritizing and completing tasks; and communicating potential conflicts to the manager
• Demonstrate a general knowledge of market trends, competitor activities, Deloitte Advisory products and service lines

Required Skills:

• 7+ years of demonstrate advanced understanding and experience governing and implementing power and utility regulations and standards including:
• North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
• NERC Operations and Planning (O&P)
• Federal Energy Regulatory Commission
• Transportation Security Administration (TSA) Cybersecurity
• IEC 62443 standard - Securing Industrial Automation and Control Systems (IACS)
• Nuclear Energy Institute (NEI) - NEI 08-09, 10 CFR 73.54

• 7+ years of demonstrate advanced understanding and cyber risk management in at least two of the following areas:
• SCADA with experience in securing ICS (Industrial Control Systems) security
• Internet of Things (IOT) architecture and security
• OT (Operational Technology) security
• NERC CIP-015 - Internal Network Security Monitoring (INMS)
• Embedded systems security
• OT network segmentation (zones/conduits), jump hosts, secure remote access
• Passive OT discovery/asset inventory, OT IDS, SIEM integration/use cases
• Incident response in OT (containment with availability/safety constraints)
• Vendor/OEM risk management, SBOM/patch constraints, compensating controls
• Security experience in the field environment within the Power, Utilities & Renewables, Oil & Gas, or Industrial Products & Construction industry sectors
• 7+ years of demonstrate advanced understanding of business processes and cyber risk management in an OT / SCADA environment in two or more areas such as:
• Cyber security
• Secure Supply Chain
• Security Analytics
• Security Operations Centers
• Vulnerability and Threat Management
• Data Security
• Secure Dev Ops
• Business continuity management
• Familiarity with industry standards and regulatory requirements around cyber risk management (e.g., ISO 27001, IEC 62443, NIST CSF)

• Limited sponsorship opportunities may be available

Additional Requirements:

• Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve
• Locations include: Houston, Dallas, Cleveland, Detroit, St. Louis, Pittsburgh, Boston, Charlotte, Atlanta, Miami, Memphis, Denver, Phoenix, Salt Lake City, Los Angeles, San Diego, San Franciso, Seattle.  Must be within a reasonable commute and willing to work part-time in the Deloitte and/or client offices.

Preferred:

• Minimum of 4 years working in an OT environment (e.g. OT security, ICS security, IOT security, SCADA, etc.)
• Minimum 4 years designing security for infrastructure, network and application architectures
• Experience in the Power Utilities & Renewables, Oil & Gas, or Industrial Products & Construction sector
• Demonstrated experience working with cloud platforms (AWS, Azure)
• 5+ years implementing security solutions
• BA/BS in cyber security, information security, engineering, computer science, information technology, information management, information sciences, business administration, or related field preferred
• CISSP, CISM, or CISA certification a plus
• Excellent verbal and written communication

Power and Utilities OT (Operational Technology) - Manager

Position Summary

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities?  If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Cyber team and become a member of the largest group of cybersecurity professionals worldwide.

Responsibilities:

• Identify and evaluate complex business and technology risks
• Develop remediation methods to mitigate risks
• Demonstrate problem solving, critical thinking and logical structuring skills
• Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
• Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
• Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
• Identify opportunities to improve engagement profitability and manage engagement economics
• Demonstrate ability to with identify and address client needs: building solid relationships with clients; developing an awareness of Firm services; communicating with the client in an organized and knowledgeable manner; delivering clear requests for information; demonstrating flexibility in prioritizing and completing tasks; and communicating potential conflicts to the manager
• Demonstrate a general knowledge of market trends, competitor activities, Deloitte Advisory products and service lines

Required Skills:

• 7+ years of demonstrate advanced understanding and experience governing and implementing power and utility regulations and standards including:
• North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
• NERC Operations and Planning (O&P)
• Federal Energy Regulatory Commission
• Transportation Security Administration (TSA) Cybersecurity
• IEC 62443 standard - Securing Industrial Automation and Control Systems (IACS)
• Nuclear Energy Institute (NEI) - NEI 08-09, 10 CFR 73.54

• 7+ years of demonstrate advanced understanding and cyber risk management in at least two of the following areas:
• SCADA with experience in securing ICS (Industrial Control Systems) security
• Internet of Things (IOT) architecture and security
• OT (Operational Technology) security
• NERC CIP-015 - Internal Network Security Monitoring (INMS)
• Embedded systems security
• OT network segmentation (zones/conduits), jump hosts, secure remote access
• Passive OT discovery/asset inventory, OT IDS, SIEM integration/use cases
• Incident response in OT (containment with availability/safety constraints)
• Vendor/OEM risk management, SBOM/patch constraints, compensating controls
• Security experience in the field environment within the Power, Utilities & Renewables, Oil & Gas, or Industrial Products & Construction industry sectors
• 7+ years of demonstrate advanced understanding of business processes and cyber risk management in an OT / SCADA environment in two or more areas such as:
• Cyber security
• Secure Supply Chain
• Security Analytics
• Security Operations Centers
• Vulnerability and Threat Management
• Data Security
• Secure Dev Ops
• Business continuity management
• Familiarity with industry standards and regulatory requirements around cyber risk management (e.g., ISO 27001, IEC 62443, NIST CSF)

• Limited sponsorship opportunities may be available

Additional Requirements:

• Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve
• Locations include: Houston, Dallas, Cleveland, Detroit, St. Louis, Pittsburgh, Boston, Charlotte, Atlanta, Miami, Memphis, Denver, Phoenix, Salt Lake City, Los Angeles, San Diego, San Franciso, Seattle.  Must be within a reasonable commute and willing to work part-time in the Deloitte and/or client offices.

Preferred:

• Minimum of 4 years working in an OT environment (e.g. OT security, ICS security, IOT security, SCADA, etc.)
• Minimum 4 years designing security for infrastructure, network and application architectures
• Experience in the Power Utilities & Renewables, Oil & Gas, or Industrial Products & Construction sector
• Demonstrated experience working with cloud platforms (AWS, Azure)
• 5+ years implementing security solutions
• BA/BS in cyber security, information security, engineering, computer science, information technology, information management, information sciences, business administration, or related field preferred
• CISSP, CISM, or CISA certification a plus
• Excellent verbal and written communication