Senior Manager - Associate Director, Enterprise Security
This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.
Job description
Connect to your Industry
Cyber security is critical to every organisation. We are designing and building solutions to help secure some of the largest global organisations and we need you to join us. You'll build strong relationships within our cyber practice, with over 450 extremely talented individuals in the UK alone, and as part of a Technology and Transformation practice of 7,500 people. Join us and you will help our clients solve the latest cyber security challenges, in a business with very significant growth ambitions enjoying the kind of professional development that will set your potential free.
Connect to your career at Deloitte
Deloitte drives progress. Using our vast range of expertise, we help our clients' become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more.
What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most.
Connect to your opportunity
We're hiring senior leaders into our Enterprise Security practice - people who've earned their technical credibility and now want to use it to grow client relationships, lead teams, and deliver outcomes that matter for major organisations.
We do strategy really well, it's a core part of what we offer, but what sets this practice apart is that we see it through. We design security programmes and we implement them, turning good strategic thinking into working, tech-enabled reality. If you want to lead, you can think outside the box, execute, build human relationships, and grow a practice - read on.
You've built the expertise. Now build something with it.
What you'll actually do
You'll operate within one of our primary Industries (Corporate, Financial Services, or Public Sector) and your remit will span across leading and delivery projects, growing our practice, and developing our teams (if Public Sector is your passion then you will need to be eligible for security clearance).
Lead and deliver.
You'll take ownership of client engagements across one or more of our core focus areas (you don't need to be an expert in them all!) - and you'll stay close to the work:
• Cloud Security: Supports organisations through the complete cycle of migrating business processes to the cloud, bringing resilience, cloud native security, and cloud-based security solutions. You will be shaping detection and response capabilities that go beyond tooling - building operational models, engineering pipelines, and delivering measurable improvement in security outcomes [GG1] [WJR2] .
• Security Architecture: Integrating security into clients' business and their business into security. Supporting the resilience and modernisation of networks through modern security models such as Zero Trust. Leading the design and delivery of enterprise-scale Zero Trust strategies, from boardroom buy-in through to technical execution. You'll own the journey from architecture to working implementation.
• Emerging Technology: Integrating security into the design, build, implementation, and maintenance of next-generation technologies and the environments in which they are deployed, helping clients to get connected, stay connected, and build innovative businesses securely. Focusing on technologies that include operational technology (OT / IOT), post quantum cryptography / quantum resistant cryptography, artificial intelligence (AI), and more.
• Application Security: Enabling the design, build, implementation, and maintenance of secure applications (from mobile apps to ERP platforms) by leveraging cyber capabilities and solutions, integrating cybersecurity best practices and controls into all stages of the software development lifecycle. Driving threat-led security strategies that connect real-world risk to investment decisions and architectural choices - then ensuring those choices are implemented effectively.
What this looks like in practice: leading the design and rollout of a Zero Trust architecture across a global institution with Zscaler and Illumio; implementing a detection strategy that reduces mean-time-to-respond from days to [GG3] [WJR4] [GG5] [WJR6] minutes with Google SecOps; defining a security architecture that enables a major cloud migration and NIS2 compliance simultaneously. The work is complex, high-stakes, and directly tied to client outcomes.
Grow the practice.
You'll build and maintain trusted client relationships, identify where you can help, and lead proposals that turn insight into engagements. At this level, developing business is core to the role - but it's rooted in understanding client problems deeply and shaping solutions they trust, not cold selling (we never cold sell). You'll be the person clients call when something important is on the line. [GG7] [WJR8] [GG9] [WJR10]
Develop the team.
You'll coach, mentor, and develop talent. You'll set the standard for quality, help shape our go-to-market, and contribute to a culture where people are supported to do their best work. The people you develop will be smart, curious, and technically strong. Your job is to help them become brilliant.
Connect to your skills and professional experience
We're looking for senior practitioners who combine technical ability with commercial effectiveness, leadership presence, and a genuine focus on delivery.
Y ou'll likely bring: [GG11] [WJR12] [GG13]
• Recognised expertise in one or more of our focus areas, with a track record of leading complex security engagements for enterprise clients - from strategy through to technical delivery.
• Commercial instinct. You understand how to build trusted client relationships, identify where you can add value, and shape propositions that clients want to buy. Whether you've formally "sold" before or grown accounts through great delivery, we value both paths.
• The ability to connect technology to business outcomes. You're comfortable leading a deeply technical conversation and then walking into a board meeting to facilitate the discussion to drive a decision. This duality is central to how our practice works.
• A focus on the full journey. Y ou don't consider the job done when the strategy is agreed. You want to see it built, [GG14] [WJR15] [GG16] [WJR17] running, and delivering value. You've led technical delivery, not just advised on it.
• Leadership that brings people with you. You develop talent, set high standards, and create an environment where good people do their best work. You hire for potential, not just pedigree.
• 6+ years' experience in cybersecurity, security consulting, or a related technical field. But this is indicative only. If you've got the capability, the track record, and the ambition, the number of years is secondary.
You don't need a specific background. The best senior leaders in our practice come from a range of paths - some from deep technical delivery, some from consulting, some from industry CISO or security engineering roles. What unites them is the ability to think clearly, communicate powerfully, build client trust, and deliver results. If that's you, we're less interested in which certifications you hold than in what you've achieved.
Connect to your business - Technology and Transformation
Distinctive thinking, deep expertise, innovation and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest tech and transformational challenges around, join us. Together, we'll make an impact that matters.
Cyber Enterprise Security
The Cyber Enterprise Security offering unlocks value and transforms at pace by embedding security into all aspects of digital transformation through securing a client's technical backbone while enabling significant and secure digital transformation. Includes security architecture, secure development and deployment, end-to-end cyber cloud capabilities, application security, and security for emerging technologies and connected products.
Personal independence
Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints (e.g., in relation to any financial interests and employment relationships). This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm, and also prohibitions on certain employment relationships (e.g., you are not permitted to hold a secondary employment role with SEC audit clients of the firm whilst being employed by the firm). The recruitment team will provide further detail as you progress through the recruitment process or you can contact the Independence team upon request.
Connect with your colleagues
"At Deloitte you're surrounded by subject matter experts; industry experts, technology experts, and you can access that knowledge whenever you need to." -Christian, Technology and Transformation
"We have a great culture, and the number of opportunities here mean you can develop as an individual in the direction that suits you best." -Gurpal, Technology and Transformation
Our hybrid working policy
You'll be based in London with hybrid working.
At Deloitte we understand the importance of balancing your career alongside your home life. That's why we'll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you'll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You'll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role.
Connect to your return to work opportunity
Are you looking to return to the workplace after an extended career break?
For this role we can offer coaching and support designed for returners to refresh your knowledge and skills, and help your transition back into the workplace after a career break of two years or more. If this is relevant for you, just let your recruiter know when you make your application.
Our commitment to you
Making an impact is more than just what we do: it's why we're here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.
We want you. The true you. Your own strengths, perspective and personality. So we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too. Because it's only when you're comfortable and at your best that you can make the kind of impact you, and we, live for.
Your expertise is our capability, so we'll make sure it never stops growing. Whether it's from the complex work you do, or the people you collaborate with, you'll learn every day. Through world-class development, you'll gain invaluable technical and personal skills. Whatever your level, you'll learn how to lead.
Connect to your next step
A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you'll experience a purpose you can believe in and an impact you can see. You'll be free to bring your true self to work every day. And you'll never stop growing, whatever your level.
Discover more reasons to connect with us, our people and purpose-driven culture at deloitte.co.uk/careers
[GG1] not sure about SOAR / SIEM in ES, does that fall under scope of Nick o'kellys pilar being led by Paul B
[WJR2] No it definitely doesn't. It is a key ES capability
[GG3] think we need to expand this to relevance across not just FS. This also looks to focus solely on zero trust and NIS2. Perhaps almost like we want to have a general section that talks about we want to hear from people that knowledge of e.g. NIS, NIST, HMG but not all needed, just people that experience of one or more perhaps
[WJR4] It is probably a wording thing, I read this to be an example of what they might be doing rather than this is an FS role
[GG5] I read it as - this is what they would be doing in practice, so perhaps a a tip of the hat to the industry lens, not just FS would be beneficial.
[WJR6] So I have taken out the FS reference and just have a "global institution" there now
[GG7] think this needs reworded, not keen on us talking about us cold selling in a Deloitte JD. maybe something like this "Our Leadership team responsibility involves creating trusted client relationships. This requires proactively identifying client needs and opportunities, subsequently leading the development of proposals that translate strategic insights into tangible engagements.
Business development is fundamental to this role, requiring deep understanding of client challenges and the co-creation of bespoke, trustworthy solutions. You will serve as a trusted advisor, whom clients instinctively consult for critical matters."
[WJR8] I don't understand your point here G we are saying we don't do cold selling?
[GG9] why tell them what we don't do when we can iterate what we do instead and what we are looking for. This was the reason why I didn't like the statement and thought we tell what we expect people to be involved in.
[WJR10] I think because the idea of "business development" has some odd connotations with some people, they feel it is a completely different mindset or mode of working (e.g. "there is such a thing as a business development meeting" rather than every meeting is a business development meeting) so it is useful to be clear that the way we work is not to do that and so they don't need to worry about it, equally that we don't really want someone (for this role) who is a dedicated seller.
[GG11] perhaps worth us saying we are looking for people with experience in an industry and then for GPS we say should be eligible for SC at a minimum,.
[WJR12] I would add that as an addendum to GPS specific roles
[GG13] agree, make sense,
[GG14] think language needs tweaked, perhaps something like "The role extends beyond agreement of strategic objectives. It requires active leadership and ownership across the entire delivery lifecycle, from conceptualisation and design through to successful implementation, operationalisation, and the ultimate realisation value. "
[WJR15] Again, why use more words to convey the same meaning?
[GG16] just a language thing, but my thought would be it sounded better to let the person know they would be in a leadership role to drive through the delivery lifecycle.
[WJR17] I think that would be a different point to this bullet though. It isn't around the lifecycle so much as it is focussed on a specific part of the delivery lifecycle, getting to actual value rather than advice.