Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
Manager, Technology Risk Management
Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte’s Information Technology Services (ITS). We are insatiably curious and life-long learners focused on technology and innovation.
Work you’ll do
You will serve as a Risk and Controls Manager within the Technology Risk Management (TRM) Program for information security and compliance across the US Firm. This role sits in the Information Technology Services (ITS) Cyber Security team. This individual manages and continually enhances the security compliance and risk management program supporting the security interests of the firm across all primary security domains and technology environments, including cloud. The Manager uses independent judgment and discretion in identifying issues and risk, and subsequent analysis of risk for all technology functions across the US firm while establishing, interpreting, and applying relevant firm policies, guidelines, client commitments and regulatory requirements. This position will challenge risk assessment results and consult with teams for risk remediation, reporting and escalation, as needed. They will also work with various technology functions to identify and ensure appropriate compliance requirements are implemented and operating effectively. This role will provide work leadership to other employees, as necessary.
- Manages risk assessments and reports on findings, consults on remediation plans, tracks status, aggregates results and reports to Management / Leadership
- Manages deep-dive controls testing for high risk areas for independent validation of issues and remediation efforts
- Serves as a subject matter expert to Technology functions for technology security and compliance requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
- Responsible for continuously improving and updating the risk management program, controls monitoring and TRM program
- Manages notification of updated controls requirements to technology functions due to regulatory and firm policy updates
- Provides input into the annual strategic planning and budget processes for GRC platform and risk management program
- Leads and coaches a team of Analysts
- Performs other job-related duties as assigned
Information Technology Services (ITS) helps power Deloitte’s success. ITS is the engine that drives Deloitte, which serves many of the world’s largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~2,200 professionals in ITS deliver services including:
- Security, risk & compliance
- Technology support
- Relationship management
Cyber Security
The Cyber Security team vigilantly protects Deloitte and client data. The team is responsible for a strategic cyber risk program which adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team protects the Deloitte brand.
- Demonstrated advanced proficiency in Security and Compliance and Regulatory Requirements (SOC 2, ISO 27001, NIST 800-53, PCAOB, CSA, etc.), Cloud Technologies, and / or management of Risk Management programs / Risk Assessments
- Industry certifications (e.g., CISA, CISM, CISSP and/or other equivalent licenses/certifications)
- Excellent communication, listening and facilitation skills
- Ability to work independently and cross-functionally, and manage a team of Analysts
- Excellent time management and related organizational skills including appropriate sense of urgency and a proactive approach
- Ability to exercise professional judgment, develop an opinion, articulate issues and present to leadership
- Bachelor’s degree in Computer Science, Information Technology or equivalent educational or professional experience and/or qualifications.
- Advanced degree
- Minimum of 8 years of experience in risk management and / or IT governance and compliance