Global Cybersecurity Governance Risk and Compliance, Audit and Certification Leader
Cyber Security | Cyber Risk | Posted: 27-Aug-2024
Atlanta, Georgia, United States
Chicago, Illinois, United States
Cincinnati, Ohio, United States
Dallas, Texas, United States
Hermitage, Tennessee, United States
Houston, Texas, United States
Philadelphia, Pennsylvania, United States
San Antonio, Texas, United States
Tampa, Florida, United States
Minneapolis, Minnesota, United States
Work you'll do
The Global Cybersecurity Governance Risk & Compliance, Audit & Certification (A&C) leader is responsible for audit and certification management activities in the first line of defense within DT. This includes internal and external certification and compliance responsibilities, including client-mandated ISO 27001 certification and SOC 2 attestation that directly tie to revenue-generating work across multiple member firms (MFs) and geographies. Key responsibilities for the role include:
- Own the DT Information Security Management System (ISMS). Responsible for the maintenance, governance and continuous improvement of DT’s ISO 27001 and 27017 certifications, SOC 2 attestation reports and Member Firm Standards 8 and 4 attestations for DT-as-a-member firm.
- Act as the "face of DT" for internal and external cyber audit activities. Lead, develop and grow a team of 11 cyber professionals supporting the A&C Program.
- Enable the production and distribution of clean audit reports to MFs and their clients. Ensure controls operate effectively so that audit findings are identified and remediated before fieldwork rather than surfacing as surprises in the report.
- Guide, influence and support GTS leadership, member firm IT leaders and Global Businesses in matters relating to DT IT audit and certifications.
Strategic Responsibility
- Define, deliver and continuously improve the audit and certification strategy and roadmap, in alignment with DT, business, member firm and regulatory requirements.
- Proactively collaborate with internal stakeholders to instill a culture of ongoing audit readiness and an effective control environment that support successful audit outcomes and clean audit reports.
Operational /Budgetary Responsibility
- Establish the processes and protocols needed to maintain the DT audit & certification roadmap with IT functions, and ensure alignment with internal and external audit requirements.
- Oversee audit fieldwork in progress: manage the interpretation and provision of requested documents and artefacts, ensure practices and controls are represented accurately, and coordinate written management responses to audit findings.
- Proactively collaborate on an ongoing basis with MFs, auditors and relevant stakeholders to ensure audit, certifications and client inquiries are completed as efficiently and effectively as possible.
- Actively manage corrective actions and track progress against non-conformities and opportunities for improvement reported in audits, escalating where necessary.
- Anticipate new regulations and emerging assurance expectations from MFs, their clients and regulators (e.g., NIS2, DORA), and raise them with internal stakeholders proactively.
- Deliver audit & certification activities for DT by working with IT functions and external and internal auditors to ensure timely scheduling and execution of audits, so that audit reports are available on time.
- Effectively and efficiently manage a $3.6M budget.
Complexity
- The complexity of this role requires the ability to identify, analyze and drive problems to resolution, handling several complex issues simultaneously while communicating effectively across teams, building strong relationships throughout the organization, and influencing those not in a direct line of authority. This role owns decision-making for its area of responsibility within the business unit.
- Deep organizational awareness and ability to navigate the complex DT and Deloitte network and business, to effectively deliver IT certifications that meet business need.
- Ability to proactively research and understand the A&C regulatory landscape and best practices, and to adjust the A&C roadmap as required.
Influence and Impact
- This role interacts with and influences DT leadership and MF IT leaders, and works effectively with Global Businesses. It requires the ability to identify and influence senior DT leadership to achieve successful collaboration and outcomes. Maintain effective relationships with DT and MF stakeholders to communicate the audit & certification objectives, and coordinate with DT service areas and control owners to ensure controls are designed, implemented and operating effectively.
- Act as the point person for a consolidated view of audit issues, providing summaries to the GRC Leader as needed.
- Interact with IT leaders to raise awareness and provide guidance on the scope of audit and certification activities and their implications for front-line teams.
Leadership/Talent Development
- This role is responsible for talent strategy and decisions, including defining and creating the A&C team operating model, resourcing and performance management. Attract, recruit, coach, reward and retain talent, and foster a diverse, high-performing team with the right competencies.
- The A&C Lead builds and leads the team by articulating a shared sense of purpose, defining each member's roles, responsibilities and performance management expectations, and showing how they support the overall goals. This role also creates positive team-building activities that enable the A&C team to deliver effective solutions and superior performance for the business.
The team
Qualifications
- Extensive leadership experience in a Global IT Organization
- ISO 27001 and SOC 2 qualifications and experience
- Knowledge of Deloitte is beneficial