Technology Risk Senior Analyst - Client/Regulator Inquiries and Audit Oversight

Risk | Risk Management | Posted: 18-Feb-2022

Same job available in 25 locations

Arlington, Virginia, United States

Atlanta, Georgia, United States

Austin, Texas, United States

Boca Raton, Florida, United States

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Columbus, Ohio, United States

Dallas, Texas, United States

Glen Mills, Pennsylvania, United States

Greater Toronto, Ontario, Canada

Hermitage, Tennessee, United States

Houston, Texas, United States

Indianapolis, Indiana, United States

Miami, Florida, United States

Minneapolis, Minnesota, United States

Nashville, Tennessee, United States

Omaha, Nebraska, United States

Philadelphia, Pennsylvania, United States

Raleigh, North Carolina, United States

Richmond, Virginia, United States

San Antonio, Texas, United States

Tampa, Florida, United States

Washington DC, Virginia, United States

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do

Strategic

  • Aligns with the firm’s technology risk management strategy and with leadership, and actively contributes to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Stays up to date and gains awareness of global security policies, standards, and controls, the current technology landscape, as well as new and emerging technologies being deployed and their impact on client, regulator and member firm risk responses.
  • Demonstrates and encourages an agile mindset to enable effective IT risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.

Operational

Operational responsibilities of this role will include one or more of the following:

  • Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the combination of global central service and a global delivery team.
    • Responsible for identifying, gathering and pre-populating responses to questions/inquiries using one or more Standard Answer Banks (SABs).
    • Responsible for selecting relevant and valid security and assurance statements according to the specific inquiry and submitting these to the respective Client Security Lead.
    • Responsible for ensuring the quality and consistency of the work of Junior Analysts (where applicable).
    • Responsible for identifying the remaining questions that cannot be pre-populated by Junior Analysts (where applicable) and whether consultation is needed with the Client Security Lead.
    • Responsible for assigning and planning tasks to a team of Junior Analysts (where applicable).
    • Connecting with the Client Security Leads/Subject Matter Experts to improve delivery quality.
    • Responsible for highlighting issues found in the Standard Answer Banks (SABs) and illustrating where changes are necessary.
    • SAB maintenance (e.g., following up with owners on expired answers and whether they need updating).
  • Support the Technology Risk Manager in activities related to information security inquiries, including:
    • Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits.
    • Gathering data and refinement activities using the global delivery team.
  • Support the Technology Risk Manager for the monitoring of audits and certifications:
    • Assist with monitoring and providing input on the planning (scope, timing, etc.) of audits and certifications to align with anticipated needs of clients, regulators and MFs. 
    • Assist with managing the completion of audit and certification coordination activities (scoping, data and evidence gathering, refinement, etc.) and facilitate staff as they analyze and evaluate various requests.
  • Demonstrate and apply strong project management skills, inspire teamwork and responsibility with team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
  • Supports initiatives to educate technology functions on technology risk management requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
  • Demonstrate and apply a thorough understanding of technology trends to identify issues and communicate this information to the management team through written correspondence and verbal presentations.
  • Performs other job-related duties as assigned by the Manager within the Independent IT Risk function, Client/Regulator Inquiries & Audit Oversight team.

Relationship Management

  • Builds strong relationships with internal key stakeholders within Global Risk, 2LOD IT Risk, relevant 1LOD TRM and technology teams, member firm client security leads and other Global and member firm SMEs as needed.
  • Maintains regular communication with the management team.

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

Deloitte Global Risk makes an impact by developing programs, processes and resources to preserve, protect and enhance the Deloitte brand. We identify new and emerging risks that could significantly impact the network, mitigate risks as they occur, proactively engage with regulators and key stakeholders that impact professional services, and build a clear voice around select policy topics around the globe.

Qualifications:

Education 

  • Bachelor’s Degree or higher in business administration, a technology-related field, or equivalent experience.

Work experience

  • Three (3) to five (5) years of demonstrated experience in applying leading practices in large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, and risk and governance experience.

Required Skills/abilities 

  • Proficient English skills in reading and writing, and the ability to understand nuances.
  • Basic knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management.
  • Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF).
  • Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security and Technology environments.
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) and senior management.
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
  • Effective relationship-building, communication, presentation, and interpersonal skills.
  • Highly disciplined, with strong organizational abilities.
  • Ability to multi-task, prioritize work and work independently.
  • Possesses an exceptional level of integrity and customer focus.

Other Qualifications:

Preferred Skills/abilities 

  • Bilingual: English and one other language (French, Spanish, German, or Japanese) a plus.

Required licenses or certifications

  • One or more of CISA, CIA, CISM, CISSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred, but equivalent knowledge will be considered.

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.