Manager, Technology Risk Management (Client/Regulator Inquiries and Audit Oversight)

Risk Risk Management Posted: 24-May-2022

Same job available in 20 locations

Ann Arbor, Michigan, United States

Atlanta, Georgia, United States

Austin, Texas, United States

Baltimore, Maryland, United States

Cardiff, United Kingdom, United Kingdom

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Dallas, Texas, United States

Detroit, Michigan, United States

Halifax, Nova Scotia, Canada

Hermitage, Tennessee, United States

Houston, Texas, United States

Jacksonville, Florida, United States

London, United Kingdom, United Kingdom

Miami, Florida, United States

Philadelphia, Pennsylvania, United States

Phoenix, Arizona, United States

Toronto, Ontario, Canada

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do


Strategic

  • Provide leadership in understanding expectations and responding in a timely manner to information security inquiries from clients, regulators and MFs while being strategic about the extent, timing and nature of information communicated
  • Keep abreast of needs for new global policies, standards, and controls in the context of trends in multinational and local client requests
  • Provide leadership in anticipating requirements from clients, regulators and MFs and proactively garner a solid and reliable base of relevant information from a variety of sources, so that we can be responsive to client, regulator and MF inquiries
  • Provide support and subject matter expertise in helping shape our policies and standards to align with client, regulator and MF expectations
  • Perform periodic updates and refine “best practices” for global and local security processes, procedures, and tools to improve automation and efficiencies

Operational

  • Provide leadership for the central service that handles responses to global cross border and non-cross border information security inquiries delivered through the combination of a global central shared service and a global delivery team
  • Ensure maintenance of a repository of previously completed information security requests and approved MF responses in standard answers banks, and perform annual reviews to ensure the repository is up to date
  • Ensure that necessary processes and protocols are in place and updated periodically to centralize to the extent possible client, regulator and MF information security inquiries into the global shared service channel
  • Manage rollout of new/updated processes, procedures, and tools that include communication, training, and support
  • Monitor and provide input on the planning (scope, timing, etc.) of audit and certification to align with anticipated needs of clients, regulators and MFs
  • Manage the completion of audit and certification coordination activities (scoping, data and evidence gathering, refinement, etc.) and facilitate staff as they analyze and evaluate various requests
  • Report and escalate risks and issues with deliverables requested by client, regulatory and/or MF audits, actively follow up on corrective action and progress against issues reported in audits, and escalate where necessary
  • Assist in determining potential risks, understanding forward-looking regulations, identifying high-value audit areas, and providing guidance on audit scope

Relationship Management

  • Maintain effective relationships with various Global Risk, Deloitte Technology and MF stakeholders to effectively communicate the audit objectives and ensure audits, certifications and client inquiries are completed as efficiently and effectively as possible
  • Proactively collaborate on an ongoing basis with 1LOD TRM in identifying, reporting, and mitigating technology risk issues and providing proactive guidance on scope of audit & certification
  • Liaise between member firms, Deloitte Global resources, and SMEs by creating and fostering strong firmwide relationships that include regular touchpoints
  • Assist in consolidating client inquiries and audit results and engage the relevant 1LOD team for remediation validation testing when issues are resolved

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

Global Risk develops programs, processes, and resources to preserve, protect, and enhance the Deloitte brand around the world. We identify new and emerging risks that might impact the network, mitigate threats as they are identified and proactively engage key stakeholders to develop identification and mitigation procedures.

Qualifications:

  • Bachelor’s Degree or higher in business administration, a technology-related field or equivalent experience
  • Eight (8) or more years of demonstrated experience in developing and applying leading practices in large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
  • Five (5) or more years of people management experience and proven leadership and coaching abilities.

Required skills/abilities:

  • Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF)
  • Advanced knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework
  • Advanced knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR)
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security and Technology environments
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) and senior management
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders
  • Effective relationship-building, communication, presentation, and interpersonal skills
  • Highly disciplined, with strong organizational abilities
  • Ability to multi-task, prioritize work and work independently
  • Possess an exceptional level of integrity and customer focus
  • Bilingual: English and one other language (French, Spanish, German, or Japanese) a plus
  • One or more of CISA, CIA, CISM, CISSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred, but equivalent knowledge will be considered

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.