Job Details
CMAQ Consultant
Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.
The Team
Our Cyber Strategy & Transformation offering develops and transforms cyber programs in line with a client's strategic objectives, regulatory requirements, and risk appetite. It keeps the enterprise a step ahead of the evolving threat landscape and gives stakeholders confidence in the organization's cyber posture. Includes design of the cyber organization, governance, and risk assessments.
Recruiting for this role ends on 1/12/2026.
Work You'll Do
Deloitte delivers Cyber Metrics Analytics and Quantification (CMAQ) advisory and implementation services to help clients better measure, analyze, and manage cyber risk in business terms. By combining our expertise in cyber risk, advanced analytics, and strategic communications, we provide a comprehensive suite of services, including:
* Advise: Develop enterprise-wide cyber risk quantification strategies, conduct current-state maturity and data readiness assessments, deliver custom metric catalogs, and provide executive and stakeholder education on interpreting and leveraging cyber analytics.
* Implement: Facilitate the design and integration of metrics-driven risk management processes, enable automated data collection and analytics tool deployment, and operationalize dashboards and reporting frameworks using proven methodologies and accelerators.
* Operate: Support clients in ongoing cyber risk governance activities, analytics-driven reporting, and preparation and support for board and regulator reporting requirements.
As a CMAQ Consultant, you will help organizations develop executive-level cyber risk reporting solutions to provide oversight of organizational risk aligned to business domains and industry frameworks.
Key Responsibilities:
* Supporting cyber risk quantification engagements by assessing client environments, identifying data sources and data availability, defining metrics (Key Performance Indicators and Key Risk Indicators), developing custom risk aggregation and scoring methodologies, and designing and building automated reporting solutions across industries, including highly regulated sectors.
* Developing comprehensive cyber risk quantification methodologies, translating technical and organizational insights into detailed long-term strategies that help clients prioritize areas of risk to their organizations and guide risk management efforts.
* Designing and documenting cyber domain metrics and risk aggregation that align with industry standards, organizational objectives, and leading quantification methodologies (such as FAIR or Deloitte's proprietary frameworks).
* Differentiating between business requirements and technical integration, ensuring both metrics frameworks and operational practices reflect accurate data collection, risk modeling and aggregation, and reporting aligned to domains such as incident management, vulnerability management, IAM, etc.
* Facilitating stakeholder engagement by leading workshops, requirements-gathering sessions, and effectively communicating complex cyber risk and quantification concepts to technical and non-technical audiences at all organizational levels.
* Collaborating with client leaders (such as CIOs, CISOs, IT, compliance, risk, and business stakeholders) to develop a unified cyber risk management approach, drive program adoption, and advance the organization's overall cyber resilience.
* Delivering tailored training, executive awareness sessions, and technical workshops focused on cyber risk analytics, metrics interpretation, and effective risk communication.
* Exhibiting adaptability, initiative, and a self-starter mindset to proactively prioritize tasks and deliver high-quality outcomes in dynamic, client-facing environments.
Skills and Qualifications
Required:
* 2+ years of experience in cybersecurity, risk management, or cyber analytics consulting, with a focus on risk quantification frameworks such as FAIR, NIST CSF, or similar.
* 2+ years of experience conducting cyber risk assessments, analytics maturity reviews, or risk quantification and reporting engagements for regulated industries or global organizations.
* 2+ years of experience designing and implementing cyber risk measurement policies, metrics frameworks, and analytics-driven processes aligned to business objectives and regulatory expectations.
* Demonstrated understanding of cyber risk quantification concepts, metrics development, and business-aligned cyber reporting methodologies.
* 2+ years of experience working with clients to define business and analytic requirements and supporting the implementation of cyber risk quantification and reporting solutions.
* BA/BS Degree in Cybersecurity, Information Security, Data Science, Computer Science, Engineering, Information Technology, or related field.
* Ability to travel up to 50%, on average, based on project requirements and client needs.
* Limited sponsorship may be available.
Preferred:
* Previous consulting or Big 4 experience.
* Experience supporting organizations in the commercial space across various industries, including Financial Services, Healthcare / Pharmaceutical, Retail / Consumer, etc.
* Certifications such as CISSP, CISM, CISA, or similar; technical certifications related to AWS, Azure or data visualization tools such as Power BI, Tableau, etc.
* Experience with security tools and platforms related to cyber risk (e.g., GRC, vulnerability management, incident management, endpoint security), or data visualization (e.g., Power BI, Tableau).
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $97,900 to $147,600.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html
Company Details
Deloitte LLP
New York City, NY, United States
Don't imagine what's next. Discover it. We provide industry-leading audit & assurance services, consulting, tax and advisory services to many of...