Cyber GRC Technical Manager - Archer

Deloitte Digital   •  

Phoenix, AZ

Industry: Professional, Scientific & Technical Services


5 - 7 years

Posted 202 days ago

This job is no longer available.

Position summary

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities?  If so, Deloitte & Touche LLP could be the place for you.  Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Cyber Risk Program Development and Governance services team and support the transition to an executive-led cyberrisk program that balances requirements to be secure, vigilant, and resilient in line with the risk appetite of the organization  

Work you’ll do

As a GRC Technical Manager, one will behelping organizations develop practical solutions to achieve better visibility over key components of thecyberriskprogram, leveraging leading vendor GRC platforms or custom-built solutions.  Some examples of what you will do include:

  • Implementing data classification schemas and assigning assurance levels to information assets.  
  • Performing risk assessments, using risk assessment software or developing risk assessment tools at the enterprise level. Experience performing surveys and inventories across globally distributed organizations; including application, database and policy inventories a plus. 
  • Performing security and/or privacy gap assessments and producing executive management reports on current practices that expose an organization to privacy and/or securityrisks.  Experience with an organization's privacy and security due diligence efforts when entering into third party relationships or M&A activities a plus.
  • Defining and deploying risk management and GRC programs at large and complex organizations.

The team Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.    

  • 6+ years of work experience in designing and implementing risk management and GRC processes
  • 6+ years of work experience in defining business and functional requirements and working with technology teams to support these requirements through automation using GRC software that includes, but is not limited to Archer, BWise, OpenPages and Agiliance
  • 3+ years working to identify and address internal and external client needs, including:
    • working collaboratively with senior risk stakeholders (CIO, CRO, CISOs and direct reports)
    • building solid, trust-based relationships with client stakeholders;
    • developing quality and meaningful deliverables that suit specific client needs;
    • communicating with clients in an organized and knowledgeable manner;
    • demonstrating flexibility in prioritizing and completing tasks; and
    • working collaboratively with the client to identify and solve key constraints, risks and issues
  • 6+ years of security, risk and compliance experience.
  • 6+ years of hands on experience designing and configuring the RSA Archer, Agiliance, or BWise GRC suite of products
  • 1+ years competency with regulatory mandates such as GLBA, HIPAA, PCI and SOX & risk management frameworks such as ISO 27001, NIST and/or Cobit Competency with IT GRC tool
  • Must be willing to travel up to 80% within North America
  • BA/BS Degree in Computer Science, Cyber Security, Information Security, Engineering, Information Technology, Finance, Business


  • Previous Consulting or Big 4 experiencepreferred. 
  • Certifications such as: CISSP, CISM, or CISA certification a plus