Manager, Cyber & Certification Lead, Engineering Platforms

Deloitte
Glasgow, United Kingdom
18 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Glasgow, United Kingdom

Tech stack

Amazon Web Services (AWS)
Azure
Software as a Service
Cloud Computing Security
CompTIA Security+
Computer Security
Google Cloud Platform
Cloud Platform System
Tools for Reporting
CIS Benchmarks

Job description

The Cyber & Certification Lead plays a pivotal role in maintaining the high standards of trust, assurance, and resilience that underpin Deloitte's OpenCloud platform. The platform provides secure, turnkey cloud environments used by multiple internal and client-facing teams across NSE for hosting, experimentation, and delivery. Ensuring that these environments meet and exceed the firm's cyber, governance, and certification obligations is at the heart of this role.

As Deloitte's Engineering Platforms capability continues to expand, maintaining the highest levels of security assurance and compliance across our platforms is essential. The Cyber & Certification Lead will ensure that the OpenCloud platform, and the teams that operate within it, continue to meet the firm's exacting standards for security, governance, and operational excellence.

You'll be responsible for maintaining the platform's cyber certifications - including ISO 27001, Cyber Essentials Plus, and internal GTOM (Global Technology Operating Model) assurance - while embedding robust security practices throughout day-to-day operations. You'll also work closely with user teams across Deloitte's North and South Europe (NSE) member firms to ensure that the platform is being used correctly, securely, and in alignment with firm policy.

In this role, you'll act as both guardian and enabler - helping engineering and service teams operate with agility while ensuring that the platform continues to demonstrate its compliance with industry and firm standards.

  • Oversee the platform's ongoing compliance with firm and industry standards, including ISO 27001, Cyber Essentials Plus, and Deloitte's internal GTOM assurance framework.
  • Coordinate certification audits, evidence gathering, and renewal cycles, working closely with Risk, Cyber, and Internal Audit teams.
  • Monitor and assess the security posture of the OpenCloud platform, ensuring that security controls remain effective and continuously improved.
  • Engage with teams using the platform to verify correct usage, adherence to operating procedures, and compliance with data protection and security policies.
  • Develop and maintain control frameworks, risk registers, and assurance documentation to support ongoing certification.
  • Provide guidance and training to engineering teams on secure platform use and policy compliance.
  • Support incident response, control testing, and remediation planning as part of the platform's cyber assurance activities.
  • Collaborate with Architecture, Security Operations, and Engineering leadership to identify and implement improvements that strengthen security maturity.
  • Report regularly on platform assurance status, risks, and audit outcomes to leadership and governance boards.
  • Champion a culture of continuous compliance and proactive cyber resilience across Engineering Platforms.

Requirements

  • Proven experience in cybersecurity assurance, IT risk management, or compliance within a large or regulated organisation.
  • Familiarity with key frameworks such as ISO 27001, Cyber Essentials Plus, and cloud security standards (e.g., CSA CCM, CIS Benchmarks).
  • Strong understanding of cloud security principles across Azure, AWS, GCP & Software-as-a-Service vendors.
  • Experience coordinating or supporting certification audits, evidence management, and assurance reviews.
  • Ability to interpret technical risk findings and communicate them effectively to non-technical stakeholders.
  • Excellent organisational and documentation skills with strong attention to detail.
  • Collaborative mindset with the ability to work across engineering, operations, and governance teams.
  • UK residency and ability to obtain government security clearance if required.

Desirables:

  • Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or CompTIA Security+.
  • Experience working within a cloud platform or managed services environment.
  • Knowledge of Deloitte's GTOM, risk management, or service management frameworks.
  • Exposure to automation and reporting tools for compliance evidence tracking or control validation.
  • Degree in Cybersecurity, Information Assurance, or related field, or equivalent experience.

About the company

Deloitte drives progress. Our firms around the world help our clients become market leaders wherever they compete. Deloitte invests in outstanding people with diverse talents and backgrounds, empowering them to achieve more than they can elsewhere. Our work combines consulting with action and integrity. We believe that when our clients and society are stronger, so are we.
