120 Deloitte Environment Jobs Hiring Near You

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

The Technical Cyber Risk Assessment Manager will be responsible for the following:

• Perform in‑depth technical cybersecurity risk assessments across cloud, identity, network, infrastructure, applications, and platforms.
• Validate actual control effectiveness by reviewing live configurations, security tooling outputs, logs, and architecture implementations.
• Provide expert challenge and guidance to DT teams on control design gaps, compensating controls, and risk reduction options.
• Oversee end‑to‑end technical risk assessments, ensuring risks are identified, findings appropriately communicated / acknowledged and risk treatment agreed and documented with all DT stakeholders. 
• Provide oversight and technical assurance on the implementation of security controls within DT infrastructure, platforms, cloud, identity, and endpoint technologies.
• Work with Cybersecurity Architects to apply DT reference architectures and validate that deployed solutions align to design intent, patterns, and standards.
• Collaborate with the Deloitte Cyber Threat Intelligence (DCTI) and Security Operations Center (SOC) teams to evaluate how effective deployed controls are against real threats, incidents, peer‑industry threat intelligence, and emerging TTPs.
• Escalate material threats or misconfigurations to DT leadership and support the design of effective remediation and mitigation strategies.
• Stay current on cybersecurity threats, vulnerabilities, emerging technologies, and relevant regulations/standards (e.g., NIST CSF 2.0, ISO 27001/27002, SOC 2).
• Monitor threat intelligence sources, industry reports, and community research to identify risks relevant to Deloitte’s environment.
• Advise leadership on trends that require updates to controls, processes, playbooks, or preparedness activities.
• Conduct formal technology security risk assessments using Deloitte-aligned methodologies and industry standards (ISO 27005, NIST CSF, FAIR where appropriate).
• Ensure risks are clearly documented, rated, tracked, and communicated with stakeholders, including risk acceptance or remediation plans.
• Maintain strong documentation discipline aligned with Deloitte’s Technology GRC requirements.
• Build and maintain strong relationships with Security Architecture & Engineering, Shared Cyber Services, Global Business Services, Member Firm Services, and Technology leadership teams.
• Translate complex technical issues into clear, business‑orientated narratives for senior stakeholders.
• Facilitate risk treatment discussions and negotiate realistic remediation solutions.
• Produce clear, technically rigorous, and publication‑ready risk assessment reports suitable for distribution across Deloitte’s global member firms.
• Translate complex technical findings into concise, structured, business‑relevant narratives that can be understood by engineering teams, leadership, and non‑technical stakeholders.
• Ensure reports meet Deloitte’s Technology GRC requirements, including defensible evidence, consistent risk ratings, traceability, and clear remediation guidance.
• Act as a knowledge‑sharing catalyst by contributing high‑quality documentation, reusable assessment artefacts, and thought leadership to the global cybersecurity community within Deloitte.

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Do you possess the following?:

•    Strong technical experience across cloud (Azure/AWS/GCP), identity platforms, infrastructure, network security, endpoint security,       and/or application security.
•    Proven ability to perform hands-on technical assessment and configuration review, not just policy audits.
•    Strong grounding in cybersecurity risk management practices and control frameworks (NIST CSF, ISO/IEC 27001/27002, ISO/IEC 27005).
•    Experience working with security operations, threat intelligence, and architecture teams.
•    Ability to influence engineering teams and negotiate practical control improvements.
•    Strong documentation, analytical, and communication skills suitable for senior and executive audiences.
•    Experience in large, global, complex technology environments (preferably similar to Deloitte’s scale).

Desirable:

•    Relevant security certifications (CISSP, CISM, CRISC, CCSP, ISO 27001 Lead Auditor/Implementer).
•    Familiarity with FAIR quantitative risk modelling.
•    Experience with IaC security (Terraform), CI/CD pipelines, cloud native security services, and DevSecOps practices.
•    Exposure to multi‑cloud security architectures and Zero Trust.

The salary range for this position is $85,000 - $156,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.
Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth.  Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. On top of our regular paid vacation days, some examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, firm-wide closures known as "Deloitte Days", dedicated days of for learning (known as Development and Innovation Days), flexible work arrangements and a hybrid work structure.