Deloitte Cloud Security Risk Senior Consultant in Costa Mesa, California
Digital Controls - Cloud Security Risk - Senior Consultant
Do you thrive in times of disruption? Have a passion for turning challenges and opportunities into long-term competitive advantages? As a Senior Consultant in Deloitte Risk & Financial Advisory, you'll have the opportunity to gain valuable hands-on experience working alongside leading professionals across diverse industries while building your professional skills in a variety of project experiences. Our Deloitte Risk & Financial Advisory practice helps organizations effectively navigate business risks and opportunities-from strategic, reputation, and financial risks to operational, cyber, and regulatory risks-to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading team's help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries.
Deloitte Risk & Financial Advisory helps organizations navigate a variety of risks to lead in the marketplace and disrupt through innovation. The insights of our professionals, combined with our specialized products and services, help clients learn how to embrace complexity and leverage their position of strength to accelerate performance.
Learn more about our Deloitte Risk & Financial Advisory practice at Deloitte.
Work you'll do
Our professionals understand the dynamics of serving complex, global clients across multiple industries, and the importance of increasing transparency around business performance. We provide specialized cloud and internal control services for internal and external audit clients along with other services related to financial reporting. To further exploit opportunities and mitigate the risks presented by different markets, we also work with clients to navigate complexities, risks and opportunities presented by third-party relationships.
The type of work you focus on will be influenced by your office placement and business needs. Your recruiter will be able to provide more information about our offices. Projects would be aligned to Cloud and may include:
Application modernization and migration risk assessments
Cloud native applications and services risk and control assessments
Cloud services orchestration and automation
Cloud managed services
Risk and control assessments
Control design, implementation, operation, and evaluation
Cloud secure reference architectures design evaluation
Risk and control analysis of automated DevSecOps pipelines
Cloud security posture management assessments
Ideating and developing cloud risk and controls solutions to meet client needs
Regardless of project type, your work will require :
Proficiency in verbal and written communication skills essential to interacting with clients and teams
Ability to work independently and manage multiple projects/assignments/responsibilities in a fast-paced environment with minimal oversight
Strong problem solving and critical thinking skills
Ability to quickly research and collect data from unique places
Ability to synthesize data and convey information in a concise yet meaningful way
Strong understanding of Cloud and IaaS, PaaS, and SaaS services
BA/BS in Computer Science, Information Systems Administration or a related field
4+ years of related professional experience
3+ years' experience in auditing Cloud (e.g.; AWS, Azure or GCP) from a technical risk and controls perspective
Associate or professional level certifications in AWS, Azure, or GCP
Experience in Infrastructure as a code, DevSecOps, CI/CD pipeline architecture, and relevant tools such as GitHub, CircleCI, Jenkins, Ansible, Cloud Formation, Terraform, AzureDevOps, etc.
Experience in automation and leveraging it to drive risk, security compliance, monitoring and remediation
Demonstrated ability to plan and manage engagements along with ensuring deliverables meet work plan specifications and deadlines.
Strong background in IT risk assessment and remediation within Cloud and/or computer control environments
Experience identifying controls and making recommendations to bolster security and compliance posture
Expertise in designing and developing proof of concepts and executing test plans
Demonstrated ability to write technical reports and to participate in presentations with executive leadership
Ability to travel up to 50% (While 50% travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
Limited immigration sponsorship may be available.
Prior Big 4 experience is a plus
Working knowledge of programming and scripting languages (e.g., Python, Node.js, PowerShell, JSON, YAML, etc.)
Experience working with Web service and APIs strongly preferred
Knowledge of industry information security and cloud security frameworks such as NIST 800-53, ISO 27001, CSA CCM etc.
Understanding of data analytics tools such as Tableau, Alteryx, Snowflake is a plus
Experience with Sarbanes-Oxley is desirable
Master's in accounting, Computer Science, Information Systems, or a related field is a plus
CPA, CISA or CISSP
Team management experience is a plus
Understanding of cloud technologies like Containers, Kubernetes, serverless, microservices, IOT, AI, etc. highly desirable
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.