Manager, Technology Risk Management - Governance and Strategy

Risk Risk Management Posted: 05-Sep-2022

Same job available in 17 locations

Ann Arbor, Michigan, United States

Atlanta, Georgia, United States

Austin, Texas, United States

Baltimore, Maryland, United States

Cardiff, United Kingdom, United Kingdom

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Dallas, Texas, United States

Grand Rapids, Michigan, United States

Houston, Texas, United States

Indianapolis, Indiana, United States

London, United Kingdom, United Kingdom

Miami, Florida, United States

Phoenix, Arizona, United States

Toronto, Ontario, Canada

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do


  • Align with leadership and actively contribute to the development, implementation, and maintenance of a firm’s technology risk management strategy, methodology and culture.
  • Gain awareness of new and emerging technologies being deployed and help ensure risk assessment processes are appropriately applied.
  • Actively contribute to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Help keep the team’s knowledge up to date so that risk management best practices can be recommended to and used by colleagues across levels, including executive management.
  • Foster and encourages an agile mind set to enable effective technology risk management while driving adaptability to ongoing changes in technologies, risks, regulations, and stakeholder expectations.
  • Foster and encourages continuous learning and development of the team members through personal examples, to stay well-informed in the knowledge domains relevant to technology risk management.


  • Serve as a subject matter expert to technology functions for technology risk management requirements according to regulatory requirements, firm policy, client commitments, etc.
  • Responsible for continuously improving and updating the technology risk management program, and controls monitoring.
  • Manage notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
  • Provide input into the annual strategic planning and budget processes for technology risk management program.
  • Identify and put in place the systems and tools, protocols, analysis methodology and reporting processes necessary to identify, analyze, quantify, monitor and mitigate / control technology risks.
  • Facilitate cross-disciplinary coordination for risk analysis, remediation scoping, reporting and engagement with stakeholders.
  • Manage various technology risk management initiatives in accordance with annual objectives and manage multiple complex technology risk management projects throughout the organization.
  • Contribute to the development and continuous improvement of the technology risk management framework to promote the achievement of firm objectives and safeguard the firm’s reputation.
  • Help ensure the maintenance, updating and development of training programs on technology risk management and risk governance, risk reporting for stakeholders to ensure that they are at the leading edge of integrated risk management.
  • As part of cross-training, assist with technology risk assessments and report on findings, consult on remediation plans, track status, aggregate results, and report to management / leadership.
  • As part of cross-training, assist with deep-dive controls testing for high-risk areas within technology for independent validation of issues and remediation efforts.
  • Perform other duties as assigned by the Senior Manager within the Independent IT Risk.

Relationship Management:

  • Build strong relationships with internal key stakeholders within  second line of defense Independent Technology Risk Function, relevant first line of defense  Technology Risk Management and technology teams.
  • Motivate and encourages assigned employees to support and take ownership of IT risk management activities and initiatives to optimize decision quality and exceed expected results.
  • Manage team member performance by engaging and providing feedback to team members, as well as by communicating the firm’s goals and their role in achieving them.
  • Foster a diverse and high-performance culture with the right competencies.

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

Global Risk develops programs, processes, and resources to preserve, protect, and enhance the Deloitte brand around the world. We identify new and emerging risks that might impact the network, mitigate threats as they are identified and proactively engage key stakeholders to develop identification and mitigation procedures.


  • Bachelor’s Degree or higher in business administration, a technology-related field, or equivalent education-related experience.
  • Five (5) or more years of demonstrated experience in developing and applying leading practices in a large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
  • Experience in highly regulated industries is preferred.
  • Two (2) or more years of people management experience and proven leadership and coaching abilities.
  • Working knowledge of GRC tools (e.g., ServiceNow, Archer, etc.) and Unified Compliance Framework (UCF).
  • Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
  • Working knowledge in two or more of the following IT and risk domains: cloud hosting, infrastructure, cyber security, secure SDLC, service management, data protection, privacy, IT risk management, maturity assessments, third-party risk management.
  • Working knowledge of emerging IT risks and risk-intelligent adoption of new and existing technologies
  • (Cloud, RPA, Artificial Intelligence) and ways of working (Agile/SAFe) in the context of applicable regulatory requirements and IT delivery model.
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management.
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
  • One or more of CISA, CRISC, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred but equivalent knowledge will be considered.

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.