Federal Security and Privacy Services Manager - Application Integrity

Federal Security and Privacy Services Manager - Application Integrity Deloitte & Touche LLP's ("Deloitte & Touche's") Audit and Enterprise Risk Services business has a risk-based approach, experienced professionals, comprehensive methodologies, and technical resources. Deloitte & Touche's services combine competency and experience in the areas of financial reporting, risk management, and compliance.   Providing security across the enterprise - Deloitte & Touche's Security and Privacy Services   Business models today encourage, and even require, opening boundaries between customers, suppliers, and partners. Technology can enable that openness and is also seen as a means to help achieve compliance with corporate policy and regulation. However, behind this increased accessibility and reliance on technology exists real risks and challenges.  Technology can support compliance efforts, act as a business enabler, and provide a foundation to achieving secure systems.  Meanwhile complex network environments, global operations, and human beings often challenge an organization's security efforts. The increasing occurrence and complexity of security threats indicate that security has become a business imperative. Managing information risk at the enterprise level enables companies to achieve more efficient and effective security processes and programs. Issues such as stakeholder value, consumer confidence, brand and reputation protection, and legal and regulatory compliance can be addressed.   Digital information security is a management issue with global business implications. To succeed in today's network economy requires more than simply a focus on IT issues - it also requires a focus on security strategy and management.  Deloitte & Touche's Security and Privacy Services practice provides services that address how to take advantage of this dynamic situation while managing risks and are based on an enterprise-wide approach that focuses on security through seven areas:    - Application Integrity - Business Continuity Management - Identity & Access Management - Infrastructure & Operations Security - Privacy & Data Protection - Security Management - Vulnerability Management Job Duties: - Assess clients' security and control readiness and provide appropriate security assistance. - Identify and evaluate business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement - Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects - Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions - Generate innovative ideas and challenge the status quo - Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services - Play substantive/lead role and engagement planning, economics, and billing - Assist in retention of professionals - Participate in training efforts - Play substantive role in enhancing relationships with Deloitte & Touche and Deloitte Tax LLP professionals - Identify opportunities to cross-sell other services - Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines - Build and nurture positive working relationships with clients with the intention to exceed client expectations - Understand clients' business environment and basic risk management approaches - Participate in proposal development efforts - Participate in "add-on" sales to client - Membership and visibility in professional & civic organizations  Application integrity provides end-to-end integrity of business transactions and enables the effective use of new technologies. It includes security and controls in ERP and e-Business application implementations, including SAP, Oracle, PeopleSoft, Siebel, Ariba and custom applications.   Required Skills include: - 5+ years experience in ERP application security controls design and implementation for SAP, Oracle and/or Peoplesoft . - BA/BS in information technology or related field, MS preferred - Strong background in business-process controls, and  design, configuration and testing of  application security - Implementation experience on one or more of Oracle, JD Edwards, or SAP applications.  Security and controls implementation experience or system or user administration experience is a plus - Information system audit experience and an understanding of segregation of duty concerns in security implementations or in an ERP environment; knowledge of Approva, Bizrights, Virsa or Secureinfo and  Bindview desired - Good understanding of distributed system recovery, distributed systems administration, database administration in security auditing techniques and/or computer control environments. - Sarbanes-Oxley or FFMIA, FMFI, OMB Cir.A-123, FISMA, FISCAM, GAO Greenbook readiness or attestation experience - CISSP, CCNA and/or CISM, CISA certification is a plus - Prior Big 4 or consulting experience preferred - Prior management experience - Excellent  technical, analytical, interpersonal, communication, and management skills - Industry Experiences in financial services, high-tech, consumer products, manufacturing and/or healthcare preferred - Ability to travel About DeloitteDeloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Deloitte LLP and its subsidiaries are equal opportunity employers.