Technology Risk Manager-Independent IT Assessment

Risk Risk Management Posted: 26-Oct-2022

Same job available in 20 locations

Atlanta, Georgia, United States

Baltimore, Maryland, United States

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Columbus, Ohio, United States

Dallas, Texas, United States

Glen Mills, Pennsylvania, United States

Grand Rapids, Michigan, United States

Hermitage, Tennessee, United States

Houston, Texas, United States

Indianapolis, Indiana, United States

Jacksonville, Florida, United States

Memphis, Tennessee, United States

Miami, Florida, United States

Nashville, Tennessee, United States

Orlando, Florida, United States

Philadelphia, Pennsylvania, United States

Tampa, Florida, United States

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

Work you'll do

Strategic

  • Aligns with leadership and actively contribute to the development, implementation, and maintenance of a firm’s technology risk management strategy, methodology and culture.
  • Gains awareness of new and emerging technologies being deployed and ensure risk assessment processes are appropriately applied. 
  • Support IT organizational maturity development in Deloitte Member Firms, leveraging the Member Firm Standards. 
  • Assist design of implementable risk governance methodologies and programs that deliver on stakeholder expectations and drive the strategic and annual planning processes with a focus on maturing the IT & Cyber Risk Management capabilities.
  • Actively contributes to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Keeps the team’s knowledge up to date so that risk management best practices can be recommended to and used by colleagues across levels, including executive management.
  • Fosters and encourages an agile mind set to enable effective technology risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.
  • Advise member firms on technologies, processes and procedures to address gaps in conjunction with the Deloitte Technology and Integrity strategies. 
  • Advise on the development to the cyber and technology assessment criteria at the start of each assessment cycle - in conjunction with the Global Integrity Assessment Service Leader and the relevant subject matter experts

  Operational

  • Manages technology risk assessments and reports on findings, consult on remediation plans, track status, aggregate results, and report to management / leadership.
  • Manages deep-dive controls testing for high risk areas within technology for independent validation of issues and remediation efforts. 
  • Serves as a subject matter expert to technology functions for technology risk management requirements according to regulatory requirements, firm policy, client commitments, etc.
  • Lead Assessments for geographies within Member Firms completing remote/virtual onsite assessments with various subject matter experts 
  • Responsible for continuously improving and updating the technology risk management program, and controls monitoring.
  • Manages notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
  • Provides input into the annual strategic planning and budget processes for technology risk management program. 
  • Identifies and puts in place the systems and tools, protocols, analysis methodology and reporting processes necessary to identify, analyze, quantify, monitor and mitigate / control technology risks. 
  • Facilitates cross-disciplinary coordination for risk analysis, remediation scoping, reporting and engagement with stakeholders. 
  • Manages various technology risk management initiatives in accordance with annual objectives and manage multiple complex technology risk management projects throughout the organization. 
  • Contributes to the development and continuous improvement of the technology risk management framework to promote the achievement of firm objectives and safeguard the firm’s reputation. 
  • Ensures the maintenance, updating and development of training programs on technology risk management and risk governance, risk reporting for stakeholders to ensure that they are at the leading edge of integrated risk management.
  • Support accelerated improvement to meet needs of member firms, global stakeholders and executive requirements such as compliance with Technology and Risk Standards.
  • Population of compliance tools with compliance assessment results, where necessary, to provide a comprehensive view of Member Firm compliance across all assessed standards compliance with Technology and Risk Standards. 
  • Performs other duties as assigned by the Senior Manager within the Independent IT Risk.   

Relationship Management 

  • Builds strong relationships with internal key stakeholders within second line of defense (2LoD) Technology Risk, relevant first line of defense (1LoD) Technology Risk Management and technology teams. 
  • Work closely with colleagues in the Independent Technology Risk leader and collaborate with the First line of defense leaders to provide a risk governance and Member Firm perspectives during risk taking or key risk management activities to help maintain residual risks within Deloitte’s Technology risk appetite. 
  • Liaise closely with the Deloitte Technology organization to strengthen the services and support that we provide to member firms
  • Motivates and encourages assigned employees to support and take ownership of technology risk management activities and initiatives to optimize decision quality and exceed expected results.
  • Manages team member performance by engaging and providing feedback to team members, as well as by communicating the firm’s goals and their role in achieving them.
  • Assist the Independent Technology Risk Leader prepare for Governance meetings, liaising with regulatory bodies and external stakeholders.
  • Escalate finding bringing the Member Firm priorities into the spotlight even when they clash with those of the wider Deloitte firm and Deloitte Technology globally Support Deloitte Technology Leaders to develop and manage relationships with Member Firms, taking into consideration different cultural, legislative, and Member Firm issues.  

The team

Global Risk develops programs, processes, and resources to preserve, protect, and enhance the Deloitte brand around the world. We identify new and emerging risks that might impact the network, mitigate threats as they are identified and proactively engage key stakeholders to develop identification and mitigation procedures.

Qualifications

  • Five (5) or more years of demonstrated experience in developing and applying leading practices in a large scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience. 
  • Two (2) or more years of people management experience and proven leadership and coaching abilities. 
  • Able to demonstrate good relationship management skills  
  • Working knowledge of Governance Risk Compliance (GRC) tools (e.g., ServiceNow ideal or Archer, etc.) and Unified Compliance Framework (UCF) 
  • Good knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR). 
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security or Technology environments. 
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) or senior management. 
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders. 
  • Effective relationship-building, communication, presentation, and interpersonal skills. ·       Highly disciplined, with strong organizational abilities.
  • Ability to multi-task, prioritize work and work independently.
  • Possess exceptional level of integrity and customer focus. Required Licensed or certifications 
  • One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2, ISO27032 Lead Cybersecurity Manager or similar certifications strongly preferred but equivalent knowledge will be considered   
  • Bachelor’s Degree or higher in business administration, a technology-related field, or equivalent experience    
  • IT Operations and Service Management with strong understanding of ITIL framework (ITIL certification an asset) 
  • An understanding of the principles around CMMI, COBIT, ITIL, PMI, Prince2, Agile/SAFe ·      Application development experience with strong understanding of system development life cycles approaches and concepts (CMMI knowledge an asset)

Our culture

At Deloitte Global people are valued and respected for who they are – with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.

Professional development

From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Benefits

At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.


At Deloitte Global, we know we’re at our best when we look out for one another; prioritize respect, fairness, development and wellbeing; foster an inclusive culture and embrace diversity in all forms. All qualified applicants will receive consideration for employment regardless of their background, experience, identity, ability or thinking style, and if you need assistance or an accommodation during the application process for accessibility reasons this is available upon request. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.