Global Cybersecurity Governance Risk and Compliance, Audit and Certification Leader

Cyber Security Cyber Risk Posted: 27-Aug-2024

Same job available in 10 locations

Atlanta, Georgia, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Dallas, Texas, United States

Hermitage, Tennessee, United States

Houston, Texas, United States

Philadelphia, Pennsylvania, United States

San Antonio, Texas, United States

Tampa, Florida, United States

Minneapolis, Minnesota, United States

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

Work you'll do

The Global Cybersecurity Governance Risk & Compliance, Audit & Certification (A&C) leader is responsible for audit and certification management activities in the first line of defense within DT. This includes internal and external certification and compliance responsibilities, including client mandated ISO 27001 certification and SOC 2 attestation that directly tie to revenue generating work across multiple member firms and geographies. Key responsibilities for the role include:

  • Own the DT Information Security Management System (ISMS). Responsible for the maintenance, governance and continuous improvement of DT’s ISO 27001 and 27017 certifications, SOC 2 attestation reports and Member Firm Standards 8 and 4 attestations for DT-as-a-member firm.
  • Act as the “face of DT” for internal and external cyber audit activities. Lead, develop and grow a team of 11 Cyber professionals supporting the A&C Program.
  • Enable the production and distribution of clean audit reports to MFs and their clients. Ensure control effectiveness to reduce surprise audit findings.
  • Guide, influence and support GTS leadership, member firm IT leaders and Global Businesses in matters relating to DT IT audit and certifications.

Strategic Responsibility

  • Define, deliver and continuously improve the audit and certification strategy and roadmap, in alignment with DT, business, member firm and regulatory requirements.
  • Proactively collaborate with internal stakeholders to instill a culture of ongoing audit readiness and an effective control environment that support successful audit outcomes and clean audit reports.

Operational/Budgetary Responsibility

  • Establish necessary processes and protocols to maintain the DT audit & certification roadmap with IT functions, and ensure alignment with internal and external audit requirements.
  • Oversee audit fieldwork in progress, manage the interpretation and provision of requested documents and artefacts, ensure proper representation of practices and controls, and coordinate written management responses to audit findings.
  • Proactively collaborate on an ongoing basis with MFs, auditors and relevant stakeholders to ensure audit, certifications and client inquiries are completed as efficiently and effectively as possible.
  • Actively manage corrective actions and progress against non-compliance and opportunities for improvement reported in audits, and escalate where necessary.
  • Foresee and support the onset of new regulations or newer assurance expectations from MFs, their clients, and regulators (e.g., NIS2, DORA) and discuss with internal stakeholders proactively.
  • Provide audit & certification activities for DT by working with IT functions and external and internal auditors to ensure timely scheduling and execution of audits to enable on-time availability of audit reports.
  • Effectively and efficiently manage a $3.6M budget.

Complexity

  • The complexity of this role requires the ability to identify, analyze, and drive problems to resolution, handling complex issues simultaneously while effectively communicating across teams, building strong relationships through the organization, and influencing those not in direct line of authority. This role has ownership of decision-making for their area of responsibility within the business unit.
  • Deep organizational awareness and ability to navigate the complex DT and Deloitte network and business, to effectively deliver IT certifications that meet business needs.
  • Ability to proactively research and understand the A&C regulatory landscape and best practices, and adjust the A&C roadmap as required.

Influence and Impact

  • This role interacts with and influences DT leadership and MF IT leaders, and works effectively with Global Businesses. Ability to identify and influence senior DT leadership, resulting in successful collaboration and outcomes. Maintain effective relationships with DT and MF stakeholders to communicate the audit & certification objectives, and coordinate with DT service areas and control owners to ensure controls are designed, implemented and operate effectively.
  • Act as the point person in providing a consolidated view of audit issues, with a summary to the GRC Leader as needed.
  • Interact with IT Leaders in raising awareness and providing guidance on the scope of audits and certification activities and their implications for front line teams.

Leadership/Talent Development

  • This role is responsible for talent strategy and decisions, defining and creating A&C team operating models, resourcing, and performance management. Attract, recruit, coach, reward and retain talent, foster a diverse and high-performing team with the right competencies.
  • The A&C Lead defines team members’ roles and responsibilities and articulates how they support overall goals and shared purpose. This role creates positive team building activities to allow A&C to leverage the team to deliver effective solutions and achieve superior performance for the business. This role builds and leads a team by articulating a shared sense of purpose, defining roles, responsibilities, and performance management expectations.

The team

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Qualifications

  • Extensive leadership experience in a Global IT Organization
  • ISO 27001 and SOC 2 qualifications and experience
  • Knowledge of Deloitte beneficial

Our culture

At Deloitte Global people are valued and respected for who they are – with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.

Professional development

From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Benefits

At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.

Recruiting for this role ends on November 20, 2024.
Deloitte Global is required by local law to include a reasonable estimate of the compensation range for this role for individuals applying to work in our Chicago, Minneapolis locations. This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and delivery model. We would not anticipate that the individual hired into this role would land at or near the top end of the range, but such a decision will be dependent on the facts and circumstances of each case. A reasonable estimate of the range is $ - $ for individuals applying to work in these locations.


At Deloitte Global, we know we’re at our best when we look out for one another; prioritize respect, fairness, development and wellbeing; foster an inclusive culture and embrace diversity in all forms. All qualified applicants will receive consideration for employment regardless of their background, experience, identity, ability or thinking style, and if you need assistance or an accommodation during the application process for accessibility reasons this is available upon request. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.