Manager, Technology Risk Management - Governance and Strategy

Risk Risk Management Posted: 05-Sep-2022

Same job available in 17 locations

Ann Arbor, Michigan, United States

Atlanta, Georgia, United States

Austin, Texas, United States

Baltimore, Maryland, United States

Cardiff, United Kingdom, United Kingdom

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Dallas, Texas, United States

Grand Rapids, Michigan, United States

Houston, Texas, United States

Indianapolis, Indiana, United States

London, United Kingdom, United Kingdom

Miami, Florida, United States

Phoenix, Arizona, United States

Toronto, Ontario, Canada

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

Work you'll do


  • Align with leadership and actively contribute to the development, implementation, and maintenance of a firm’s technology risk management strategy, methodology and culture.
  • Gain awareness of new and emerging technologies being deployed and help ensure risk assessment processes are appropriately applied.
  • Actively contribute to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Help keep the team’s knowledge up to date so that risk management best practices can be recommended to and used by colleagues across levels, including executive management.
  • Foster and encourages an agile mind set to enable effective technology risk management while driving adaptability to ongoing changes in technologies, risks, regulations, and stakeholder expectations.
  • Foster and encourages continuous learning and development of the team members through personal examples, to stay well-informed in the knowledge domains relevant to technology risk management.


  • Serve as a subject matter expert to technology functions for technology risk management requirements according to regulatory requirements, firm policy, client commitments, etc.
  • Responsible for continuously improving and updating the technology risk management program, and controls monitoring.
  • Manage notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
  • Provide input into the annual strategic planning and budget processes for technology risk management program.
  • Identify and put in place the systems and tools, protocols, analysis methodology and reporting processes necessary to identify, analyze, quantify, monitor and mitigate / control technology risks.
  • Facilitate cross-disciplinary coordination for risk analysis, remediation scoping, reporting and engagement with stakeholders.
  • Manage various technology risk management initiatives in accordance with annual objectives and manage multiple complex technology risk management projects throughout the organization.
  • Contribute to the development and continuous improvement of the technology risk management framework to promote the achievement of firm objectives and safeguard the firm’s reputation.
  • Help ensure the maintenance, updating and development of training programs on technology risk management and risk governance, risk reporting for stakeholders to ensure that they are at the leading edge of integrated risk management.
  • As part of cross-training, assist with technology risk assessments and report on findings, consult on remediation plans, track status, aggregate results, and report to management / leadership.
  • As part of cross-training, assist with deep-dive controls testing for high-risk areas within technology for independent validation of issues and remediation efforts.
  • Perform other duties as assigned by the Senior Manager within the Independent IT Risk.

Relationship Management:

  • Build strong relationships with internal key stakeholders within  second line of defense Independent Technology Risk Function, relevant first line of defense  Technology Risk Management and technology teams.
  • Motivate and encourages assigned employees to support and take ownership of IT risk management activities and initiatives to optimize decision quality and exceed expected results.
  • Manage team member performance by engaging and providing feedback to team members, as well as by communicating the firm’s goals and their role in achieving them.
  • Foster a diverse and high-performance culture with the right competencies.

The team

Global Risk develops programs, processes, and resources to preserve, protect, and enhance the Deloitte brand around the world. We identify new and emerging risks that might impact the network, mitigate threats as they are identified and proactively engage key stakeholders to develop identification and mitigation procedures.


  • Bachelor’s Degree or higher in business administration, a technology-related field, or equivalent education-related experience.
  • Five (5) or more years of demonstrated experience in developing and applying leading practices in a large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
  • Experience in highly regulated industries is preferred.
  • Two (2) or more years of people management experience and proven leadership and coaching abilities.
  • Working knowledge of GRC tools (e.g., ServiceNow, Archer, etc.) and Unified Compliance Framework (UCF).
  • Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
  • Working knowledge in two or more of the following IT and risk domains: cloud hosting, infrastructure, cyber security, secure SDLC, service management, data protection, privacy, IT risk management, maturity assessments, third-party risk management.
  • Working knowledge of emerging IT risks and risk-intelligent adoption of new and existing technologies
  • (Cloud, RPA, Artificial Intelligence) and ways of working (Agile/SAFe) in the context of applicable regulatory requirements and IT delivery model.
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management.
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
  • One or more of CISA, CRISC, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred but equivalent knowledge will be considered.

Our culture

At Deloitte Global people are valued and respected for who they are – with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.

Professional development

From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.


At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.

At Deloitte Global, we know we’re at our best when we look out for one another; prioritize respect, fairness, development and wellbeing; foster an inclusive culture and embrace diversity in all forms. All qualified applicants will receive consideration for employment regardless of their background, experience, identity, ability or thinking style, and if you need assistance or an accommodation during the application process for accessibility reasons this is available upon request. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.