Continuous Threat Exposure Management (CTEM) Manager

Are you an experienced cybersecurity professional looking to take on complex challenges, expand your leadership impact, and help shape the future of cyber defense? At Deloitte & Touche LLP, you'll work with leading organizations to address a critical business issue: strengthening security while enabling innovation and reducing threat exposure. Join Deloitte's Cyber Defense & Resilience Continuous Threat Exposure Management (CTEM) team to help clients identify, assess, and reduce their attack surface and overall cyber risk. In this role, you'll bring your experience to high-impact client environments, work alongside top cyber practitioners, and contribute to some of the market's most complex and strategic security engagements. Work you'll do As a Cyber Defense & Resilience Manager , you will lead teams and work directly with clients to address complex attack surface security challenges and strengthen their overall cyber posture. You will support organizations in reducing risk by applying leading practices across cybersecurity, security operations, and threat exposure management. This role offers the opportunity to help clients navigate an evolving threat landscape while delivering practical, business-aligned security solutions. In this role, you will: u2022 Execute exposure-based patching and automation aligned to CTEM priorities u2022 Lead teams and build trusted client relationships through high-quality delivery u2022 Oversee end-to-end patching operations, including deployment and maintenance of vulnerability and patch management tools across technologies and lifecycle phases u2022 Provide technical guidance across vulnerability management, patching, exception management, and reporting u2022 Identify opportunities to improve efficiency, reduce risk, and enhance threat visibility u2022 Develop clear client deliverables and support proposals, POVs, and firm initiatives u2022 Mentor junior team members and drive innovation in next-generation security solutions The team At Deloitte, our Cyber Specialists help organizations manage cyber risk and drive business value through stronger security, greater visibility, and embedded privacy. By combining program design, implementation, operations, and incident response capabilities with deep industry and mission knowledge, we help clients protect their most valuable assets, enable secure digital transformation, and respond quickly to an evolving threat landscape. Required: + 10+ years of experience in information technology and/or information security + Experience working with service delivery teams across multiple geographic regions + Demonstrated ability to plan, design, deploy, operationalize, and lead secure, scalable vulnerability and patch management programs from strategy through execution + Experience owning the end-to-end CTEM remediation lifecycle, including exposure identification, prioritization, patch execution, validation, and reporting + Hands-on experience remediating vulnerabilities across operating systems, middleware, and applications, including critical exposures such as zero-days, KEVs, and externally exposed assets + Ability to translate CTEM signals, threat intelligence, exploitability, attack paths, and asset criticality into risk-based patching and remediation plans + Experience leading continuous patching operations aligned to real-time threat conditions, including emergency response for active threats and exploitation campaigns + Experience integrating vulnerability management, CTEM, and attack surface management platforms with patch management and automation tools + Strong hands-on experience with patch management tools such as BigFix, SCCM/MECM, Red Hat Satellite, and WSUS, and vulnerability management tools such as Tenable, Rapid7, and Qualys + Proficiency in PowerShell, Bash, Python, and JSON, with experience using Ansible, Terraform, and related orchestration tools to drive automation-first patching strategies + Experience validating remediation through rescans, system health checks, exposure reduction metrics, and attack path disruption + Ability to remove remediation blockers and coordinate patch windows and remediation activities across infrastructure, application, OT, and asset owner teams + Experience developing patch procedures, runbooks, exception processes, and KPI reporting focused on exposure reduction, not just patch compliance + Strong understanding of CVSS, exploitability, exposure context, and core security principles such as defense-in-depth, least privilege, security architecture, and threat modeling + Experience with Linux and Windows patching and working knowledge of ITSM and CMDB platforms such as ServiceNow + Foundational knowledge of AI and LLM concepts, including common use cases, risks, and security considerations + Strong client-facing, consulting, collaboration, communication, and relationship-building skills, with the ability to work independently and exercise sound professional judgment + Strong analytical, problem-solving, and troubleshooting skills, with experience supporting client proposals and work orders Additional Requirements: u2022 Travel up to 50%. u2022 Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future. u2022 Identify opportunities to improve engagement profitability. u2022 Excellent teamwork and interpersonal skills. Preferred: u2022 Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, Information Technology, or a related field u2022 Consulting or Big 4 experience preferred u2022 Familiarity with frameworks such as NIST CSF, CIS, ISO 27001, and CSA CCM u2022 Experience with ServiceNow workflows, automation, and orchestration u2022 Strong proposal development, communication, project management, and organizational skills u2022 Excellent writing and verbal communication skills. Compensation The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to skill sets, experience and training, licensure and certifications, and other business and organizational needs. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $124,700 - $229,500. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Created: 2026-05-07