Technology Risk Management-Governance Sr. Manager

Risk | Risk Management | Posted: 27-Jul-2022

Same job available in 19 locations

Atlanta, Georgia, United States

Baltimore, Maryland, United States

Calgary, Alberta, Canada

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Columbus, Ohio, United States

Dallas, Texas, United States

Hermitage, Tennessee, United States

Houston, Texas, United States

Jacksonville, Florida, United States

Memphis, Tennessee, United States

Miami, Florida, United States

Nashville, Tennessee, United States

Philadelphia, Pennsylvania, United States

Phoenix, Arizona, United States

Tampa, Florida, United States

Toronto, Ontario, Canada

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do

Our Global Independent Technology Risk Management team, which is independent from the technology organization and rolls up into our Global Risk organization led by the Global Chief Risk Officer, is currently seeking a Senior Manager to support the Technology Risk Management team. Serving as a subject matter expert, this individual oversees and continuously enhances the technology risk management governance capabilities supporting the risk management interests of the firm across technology environments. This individual will play a key role in contributing to a range of risk governance activities and change initiatives to support key elements of the firm’s risk management framework. This includes working with a wide range of global senior stakeholders to optimize our governance processes over core risk management framework elements across technology risks, such as risk appetite governance and risk reporting.

To be successful in this role, you will enjoy working in a fast-paced, changing environment and be able to think strategically while also having an eye for detail. You’ll be a confident communicator, tenacious and agile, with a proven ability to sustain high levels of performance in a dynamic environment.


·       Lead in shaping the technology risk governance operating model, including intake, articulation of technology risk appetite in ways that the first line of defense can understand and implement, the nature and extent of risk governance activities, and risk reporting.
·       Lead in establishing robust processes for policies and standards exceptions management approvals, tracking, remediation, and periodic reviews.
·       Provide risk management performance insights through an ongoing process of gathering and analyzing risk management and compliance outcomes; develop executive level technology risk reporting contents, communicate risk opinions at various levels of management, and enable technology teams to consume and apply the messages to their respective areas.
·       Lead development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
·       Establish practices and communications to foster a culture of issue self-identification and support relevant stakeholders in the risk issue management processes to carry out their roles effectively and consistently.
·       Foster and encourage an agile mindset to enable effective technology risk governance while driving adaptability to ongoing changes in technologies, risks, regulations, and stakeholder expectations.
·       Lead development of the programs and initiatives to stay well-informed in the knowledge domains relevant to technology risk management.


·       Support the Technology Risk Leadership in facilitating the process and driving outcomes such as approval of technology & cyber risk policies (including new policies, periodic review, etc.) as well as approval of compliance exception requests related to standards.
·       Maintain effective follow-up and tracking on remediation and escalation of policy exceptions.
·       Clarify risk appetite metrics and thresholds in a manner that enables the firm to articulate risk-taking activities through a business lens.
·       Understand second line of defense technology needs and support the selection of technology solutions by collaborating with and communicating the technology risk requirements to internal stakeholders.
·       Provide end-to-end support for the governance process, including development of rolling agendas, review materials and preparation of minutes and follow-up actions.
·       Help ensure that risk committees, sub-committees, and related working groups operate effectively with defined levels of authority and escalation paths.
·       Act as risk advisor and work closely with the technology organization and provide risk insights and industry perspective to support risk decisions.
·       Lead development and delivery of onboarding and training programs on technology risk management discipline to promote a culture of intelligent risk taking and value delivery.
·       Lead select aspects of the annual strategic planning and budget processes for the technology risk management program.
·       Manage, coach and develop teams.

Relationship Management

·       Collaborate with first line of defense Technology Risk Management and within second line of defense Independent Technology Risk Function in the proactive governing and escalation of issues raised in the course of managing end-to-end processes for risk committees.
·       Interact with Deloitte Technology, Member Firms’, and Global Lines of Business’ Technology, first line of defense Technology Risk Management, Internal Audit, and other functions.
·       Manage various global stakeholders across levels (including executives) and engage in resolution of issues raised.

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

Global Risk develops programs, processes, and resources to preserve, protect, and enhance the Deloitte brand around the world. We identify new and emerging risks that might impact the network, mitigate threats as they are identified and proactively engage key stakeholders to develop identification and mitigation procedures. 



·       Bachelor’s Degree or higher in business administration, a technology-related field, or equivalent education-related experience

Work experience

·       Eight (8) or more years of demonstrated experience in developing and applying leading practices in large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience. At least two years of experience in second line of defense Risk Management or Compliance functions is strongly preferred.
·       Experience in highly regulated industries is preferred.
·       Five (5) or more years of people management experience and proven leadership and coaching abilities.
·       Working knowledge of GRC tools (e.g., ServiceNow, Archer, etc.) and Unified Compliance Framework (UCF)
·       Advanced knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC 2 reporting framework
·       Advanced knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR)
·       Advanced working knowledge in two or more of the following IT and risk domains: cloud hosting, infrastructure, cyber security, secure SDLC, service management, data protection, privacy, IT risk management, maturity assessments, third-party risk management.
·       Working knowledge of emerging IT risks and risk-intelligent adoption of new and existing technologies (Cloud, RPA, Artificial Intelligence) and ways of working (Agile/SAFe) in the context of applicable regulatory requirements and IT delivery model.
·       Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
·       Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) and senior management.
·       Experience with developing executive level risk management reporting.
·       Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
·       Effective relationship-building, communication, presentation, and interpersonal skills.
·       Highly disciplined, with strong organizational abilities.
·       Ability to multi-task, prioritize work and work independently.
·       Possess an exceptional level of integrity and customer focus.

Required licenses or certifications

·       One or more of CISA, CRISC, CIA, CISM, CISSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred but equivalent knowledge will be considered.

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.