Cyber Data Protection/PKI Manager
Role details
Job location
Tech stack
Job description
- Serve as a subject matter expert and trusted advisor to our clients, assisting them to evaluate strategic and practical data protection and encryption requirements based on new and emerging data risks, advising on best practices for data encryption, decryption, and secure key management
- Assist clients in designing, implementing and operating technology and process solutions to reduce data risks, developing and leading the implementation of encryption strategies to protect sensitive data across various environments, including cloud, on-premises, and hybrid infrastructures, to manage the deployment and lifecycle of PKI systems, ensuring robust and scalable certificate management processes, monitor and maintain the health of certificate infrastructures to prevent downtime and security breaches, and assist with developing requirements, evaluating vendor solutions, architecting, implementing and operating data protection solutions
- Aid in the delivery of client engagements, ensuring success by:
- Driving day-to-day execution, communicating updates to clients and firm leadership
- Providing leadership and support to delivery teams to ensure completion and accuracy of high-quality work products
- Tracking and reporting on project timelines to ensure on time and on budget delivery
- Stay up to date on emerging encryption technologies (e.g., post-quantum cryptography, confidential computing, secure enclaves, envelope encryption) and industry trends around cyber risk, data protection and cryptography practices.
- Proactively evaluate and recommend new tools and solutions to enhance data security
The Team
Our Cyber Strategy & Transformation offering develops and transforms cyber programs in line with a client's strategic objectives, regulatory requirements, and risk appetite. It keeps the enterprise a step ahead of the evolving threat landscape and gives stakeholders confidence in the organization's cyber posture. Includes design of the cyber organization, governance, and risk assessments.
Requirements
Do you have experience in Team management?, Do you have a Bachelor's degree?, Required:
- Bachelor's degree in Cybersecurity, Information Security, Engineering, Computer Science, Information Technology or related field
- 7+ years of professional experience within data protection and information security, which may include Data Discovery, Data Classification and Rights Management, Data Access Governance, Data Loss Prevention, Cloud Access Security Broker, Encryption, Certificate Lifecycle Management, Cloud Security, SaaS Security
- 7+ years with PKI concepts: Deep expertise in PKI architecture and enterprise trust models
- 5+ years leading CLM strategy, design, and implementation using platforms such as AppViewX, Venafi, Keyfactor, DigiCert, or similar
- Advanced knowledge of cryptography, certificate lifecycle processes, key management, HSM integration, and crypto policy enforcement
- Ability to define target-state architecture, integration patterns, and operating models for large-scale environments
- Hands-on understanding of certificate automation across load balancers, WAFs, API gateways, Kubernetes, cloud, web/app servers, and network/security infrastructure
- Experience leading discovery, inventory rationalization, remediation, renewal automation, and compliance monitoring programs
- Strong client leadership skills, including executive stakeholder management, workshop facilitation, roadmap alignment, and decision-making support
- Ability to lead technical workstreams, architects, engineers, and offshore/onshore teams
- Experience translating business, operational, and security requirements into architecture blueprints and implementation plans
- Strong understanding of delivery governance, risk management, dependencies, and quality assurance for enterprise security transformations
- Limited sponsorship may be available
Preferred:
-
Familiarity with crypto-agility strategies and post-quantum cryptography readiness
-
Knowledge of adjacent domains such as IAM, PAM, secrets management, zero trust, and machine identity management
-
Experience with DevSecOps integration, CI/CD pipeline enablement, and API-driven automation
-
Working knowledge of Python, PowerShell, Bash, REST APIs, or infrastructure automation patterns
-
Understanding of cloud-native certificate and key services in AWS, Azure, and GCP
-
Awareness of regulatory, audit, and policy requirements impacting cryptographic controls
-
Experience with operating model design, service transition, and support model definition
-
Ability to support business development, solutioning, estimation, staffing, and proposal writing
-
Strong mentoring capability for junior practitioners and emerging technical leads
-
Comfort with executive-level reporting, issue escalation, and steering committee discussions
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $144,200 - 265,600.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Benefits & conditions
3.93.9 out of 5 stars Denver, CO $144,200 - $265,600 a year - Full-time
