Cyber Strategy and Governance—Lead Solution Advisor / Sr Solution Advisor —Payment Security

Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy
Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security
consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting
Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under licenseWork you will do

Deloitte Advisory has an opening for a Payment Security Architect Senior Consultant. This individual's primary function
is to provide payment security planning and deployment expertise to project teams and client organizations in the Cyber
Risk space. Responsibilities include:
 Understands payment security engagements as they relate to clients’ businesses
 Demonstrates knowledge of cardholder data protection and provides guidance to the project teams in
payment security scoping exercise and strategy development based on industry standards like PCI-DSS, PA
DSS, PCI PTS, etc.
 Performs payment security gap assessments based on industry standards like PCI-DSS, PA DSS, PCI PTS, etc.
and provides recommendations to remediate gaps
 Assists the project teams with designing and implementing cardholder data protection and monitoring
solutions
 Performs product evaluation and recommends suitable products to protect cardholder data

The team

The Cyber Risk Services group is part of the wider technology risk practice within Deloitte Advisory. We help “Fortune
500” clients solve business issues related to cybersecurity risk management, cyber threats, privacy, governance,
business resilience, and process improvements. Learn more about our Cyber Risk Services practice.

Deloitte’s Cyber Strategy and Governance practice is focused on helping our clients to design and implement
transformational programs to reduce and manage cyber threats. We help our clients to define their overall cyber
strategy, design global, pan-enterprise programs that focus on mitigating threats; evaluate their objectives, priorities,
strengths, and weaknesses; and roll out large-scale organizational changes to achieve goals.

Qualifications and experience

Required:
 6+ years overall experience
 Understands industry standards such as PCI DSS, PA DSS, PCI PTS, etc. and technologies used to collect,
share, access and use credit card data
 Understands security methods and technical elements to protect credit card data, i.e., access controls in the
operating system, application and network environment, firewall, SSL, IDS, VPN, DMZ, encryption, digital
certificates, biometrics, monitoring tools, mobile data protection
 Ability to understand and comprehend how cardholder data flows from its source till settlement covering data
acquisition, transfer, storage, disposal (via data flow diagrams)
 Ability to understand network architecture diagram in-scope for the cardholder environment
 Certifications like CISSP, CISA, CRISC, etc. are a plus
 Knowledge of ISO27001/ISO27002, COBIT, NIST Cybersecurity Framework and similar standards is a plus
 Knowledge of security principles including, but not limited to, threats and vulnerabilities, confidentiality,
integrity, and availability, security risk management, defense-in-depth, security event and incident handling,
hardening practices, and configuration management
 Requires strong analytical and communication skills as well as sound judgment and the ability to work effectively
with Infrastructure Architects, Network and Network Security Architects, Technology Architects and Executives
 Bachelors / Master’s degree in Computer Science or similar engineering discipline including Software
Engineering, Electrical Engineering
How you will grow

At Deloitte, we have invested a great deal to create a rich environment in which our professionals can grow. We want
all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as
a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including
exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way.
No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms,
team-based learning, and eLearning. Deloitte University (DU): The Leadership Center in India, our state-of-the-art,
world-class learning center in the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a
tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in
India.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad
range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals
by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be
healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to
maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead
healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to
relationships with our clients, our people, and our communities. We believe that business has the power to inspire and
transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact
in our communities. Learn more about Deloitte’s impact on the world.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms,
and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”)
does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that
operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the
rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

Copyright © 2018 Deloitte Development LLC. All rights reserved.