Risk Management - Policies, Standards and Frameworks Manager

Deloitte Technology Risk Management Posted: 30-Nov-2022

Same job available in 11 locations:

  • Atlanta, Georgia, United States
  • Austin, Texas, United States
  • Charlotte, North Carolina, United States
  • Dallas, Texas, United States
  • Hermitage, Tennessee, United States
  • Houston, Texas, United States
  • Kansas City, Missouri, United States
  • Miami, Florida, United States
  • San Antonio, Texas, United States
  • Tampa, Florida, United States
  • Toronto, Ontario, Canada

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

Work you'll do

As the Risk Management - Policies, Standards & Frameworks Manager within the Deloitte Technology (DT) Cybersecurity organization, you will be accountable for the development and evolution of risk frameworks, policies and standards to further DT’s risk management strategy, further a risk-aware culture and secure our global technology delivery capabilities.

You will also be responsible for collaborating with risk management leads and subject matter experts in each DT service area to develop and evolve technology policies and standards that align with the risk framework(s) and support the first line of defense (1LOD) against technology risks and threats. This will involve close collaboration with key stakeholders across DT including operational service areas, global risk and legal, business technology leadership and senior executives.

Some specific responsibilities of the role will include:

  • Development and maintenance of an IT risk framework for use across Deloitte Technology service areas to enable greater consistency, leadership visibility into risks and to further development of a risk-aware culture.
  • Lead the development and implementation of effective and appropriate technology policies, standards and practices in collaboration with each DT service area - defining compliance requirements that address the organization’s key risks and continue alignment with industry best practices and certifications.
  • Leading a strategic review of existing risk management policies across Deloitte Technology for gaps, improvement areas, streamlining, simplification and/or revision (in coordination with Global Risk).
  • Management of the Technology Operating Model (TOM) program – which addresses risks in technology asset development by defining the expected technical validation and enterprise risk review requirements for software or solutions built or procured within Deloitte.
  • Contribute to the development / configuration of enabling tools to support IT risk management functions across Deloitte Technology service areas (e.g. GRC).
  • Contribute to the development and maintenance of a consolidated Integrated Risk Library (IRL) and Integrated Control Library (ICL) for use across Deloitte Technology service areas.
  • Lead (and/or participate in) special or ad-hoc projects and initiatives within DT Risk Management as needed to support the implementation of the DT risk strategy / to achieve key objectives.
  • Contribute to an environment that fosters innovation and enables continuous improvement of the risk and compliance mindset across Deloitte Technology.
  • Interact in both oral and written communications in matters related to information technology risk with all levels of Deloitte Technology including senior leadership, global risk, office of general counsel (OGC), auditors, customers, engineering / solution development teams, and technology vendors and contractors.

The team

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.


  • Bachelor’s degree (or greater) in business, management, accounting, information systems, computer science, engineering or related field; or equivalent practical experience or applicable certification (CRISC, CISA, CISSP).
  • At least 3 years of industry experience in risk management and compliance.
  • Ability to work cross-functionally within a complex and highly matrixed organization as well as the ability to clearly communicate to, influence and persuade stakeholders at the senior leadership level.
  • Experience with risk management frameworks, cloud, infrastructure and cybersecurity controls and translating regulatory risks to standards and technical requirements.
  • Working knowledge of various control frameworks (NIST 800 series, ISO27001, SOX, SOC, GDPR, HIPAA, PCI) is beneficial.
  • Ability to distill pertinent information from disparate information sources and recommend/deliver effective, balanced recommendations and outcomes.
  • Ability to quickly adapt to shifting priorities, demands and timelines through both analytical and problem-solving capabilities.
  • Proven people, program and project management skills leading to successful execution of established goals and objectives.
  • Demonstrated experience as a strong cross-group collaborator and team player, dealing with complexity, conflict resolution, and influencing cross-functionally.
  • Familiarity with governance, risk and compliance (GRC) tools/platforms.

Our culture

At Deloitte Global people are valued and respected for who they are – with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.

Professional development

From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.


At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.

At Deloitte Global, we know we’re at our best when we look out for one another; prioritize respect, fairness, development and wellbeing; foster an inclusive culture and embrace diversity in all forms. All qualified applicants will receive consideration for employment regardless of their background, experience, identity, ability or thinking style, and if you need assistance or an accommodation during the application process for accessibility reasons this is available upon request. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.