Risk Management - Strategy, Governance and Programs Manager
Deloitte Technology Risk Management Posted: 30-Nov-2022
Atlanta, Georgia, United States
Austin, Texas, United States
Charlotte, North Carolina, United States
Cincinnati, Ohio, United States
Dallas, Texas, United States
Hermitage, Tennessee, United States
Houston, Texas, United States
Miami, Florida, United States
Orlando, Florida, United States
San Antonio, Texas, United States
Tampa, Florida, United States
Toronto, Ontario, Canada
Work you'll do
As the Risk Management - Strategy, Governance & Programs Manager within the Deloitte Technology (DT) Cybersecurity organization, you will be accountable for the development of key components of Deloitte Technology’s risk management strategy. The role will also entail operational responsibility for managing elements of the risk governance program within DT, and the leadership of select critical risk programs and initiatives that implement and further the DT risk strategy and support the first line of defense (1LOD) against technology risks and threats.
This role requires the ability to work cross-functionally within a complex and highly matrixed organization as well as the ability to clearly communicate to, influence and persuade stakeholders at the senior leadership level.
Some specific responsibilities of the role will include:
- Working proactively with leadership to drive the development, evolution and refinement of Deloitte Technology’s risk management strategy – including definition of key priorities, objectives, capabilities, initiatives, operating model, and interaction models with member firms and operational DT service areas.
- Developing a network of risk management champions (across DT service areas and Deloitte member firms) to shape & embed the DT risk management program within and across our operational service lines.
- Leading the operations of Deloitte Technology’s risk governance, including communications with key stakeholders and maintenance of the committee roster, calendar, agendas and decisions/key actions, and maintaining interactions with governance teams supporting other key related committees.
- Contributing to the management and planning of the DevHub program for certification of solution development organizations. This includes managing updates to the technical validation elements of the Technical Certification Framework (TCF), and management of interactions with DT PMO, DTTL Strategy & Innovation, Global Risk and other key stakeholders.
- Contributing to the development and maintenance of a consolidated IT Risk reporting capability to provide consistent and regular visibility to senior leadership regarding critical IT risks across Deloitte Technology.
- Definition and refinement of program metrics (KPIs/KRIs) to measure and demonstrate program effectiveness and for providing visibility into risks to senior leadership.
- Development of additional detailed reporting, dashboards and analysis on program status, effectiveness and progress as needed.
- Driving risk management best practices and developing easy-to-use tools, products and templates for use across Deloitte Technology service areas.
- Contributing to the development / configuration of enabling tools to support IT risk management functions across Deloitte Technology service areas (e.g. GRC).
- Leading (and/or contributing to) special or ad-hoc projects and initiatives within DT Risk Management as needed to support the implementation of the DT risk strategy and to achieve key objectives.
- Contributing to an environment that fosters innovation and enables continuous improvement of the risk and compliance mindset across Deloitte Technology, potentially including developing content for a training and awareness program.
- Interacting, in both oral and written communications, on matters related to information technology risk with all levels of Deloitte Technology, including senior leadership, global risk, office of general counsel (OGC), auditors, customers, engineering / solution development teams, and technology vendors and contractors.
The team
Qualifications
- Bachelor’s degree in business, management, accounting, information systems, computer science, engineering or related field; or equivalent practical experience or applicable certification (CRISC, CISA, CISSP).
- At least 3 years of industry experience in risk management and compliance
- Experience with risk management frameworks, cloud, infrastructure and cybersecurity controls and translating regulatory risks to standards and technical requirements
- Working knowledge of various control frameworks (NIST 800 series, ISO27001, SOX, SOC, GDPR, HIPAA, PCI).
- Ability to distill pertinent information from disparate information sources and recommend/deliver effective, balanced recommendations and outcomes
- Ability to quickly adapt to shifting priorities, demands and timelines through both analytical and problem-solving capabilities.
- Proven people, program and project management skills leading to successful execution of established goals and objectives.
- Demonstrated experience as a strong cross-group collaborator and team player, dealing with complexity, conflict resolution, and influencing cross-functionally.
- Familiarity with governance, risk and compliance (GRC) tools/platforms.