Risk Specialist - Vendor Risk Assessment

Cyber Security Cyber Risk Posted: 21-Aug-2022

Same job available in 11 locations

Atlanta, Georgia, United States

Austin, Texas, United States

Cincinnati, Ohio, United States

Columbus, Ohio, United States

Dallas, Texas, United States

Hermitage, Tennessee, United States

Houston, Texas, United States

Miami, Florida, United States

Orlando, Florida, United States

San Antonio, Texas, United States

Tampa, Florida, United States

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do

The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. We are seeking a Risk Specialist to join the team. 

As part of the Global Cybersecurity function, the professional in this role must:

  • Participate in and lead assessment of vendor risk, develop mitigation plans and partner with internal stakeholders to manage responsibility
  • Ensure strong oversight of all vendors’ risks and provide member firms and business partners visibility of existing and emerging risks
  • Provide comprehensive reviews of risk assessments and assist with policy, regulatory and accreditation audit preparation
  • Help lead and support the design and implementation and deployment of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/ State Regulatory requirements
  • Conduct reporting and analysis on the data collected by the VRA platform
  • Collect requirements from the member firms to determine and plan effective use of the VRA service
  • Vendor risk questionnaire refinement and scoring, as well as overall VRA risk reporting, for effective program performance and optimization
  • Help develop, maintain, and document workflow processes to ensure data & system controls are appropriate, meet internal baselines and optimize current processes to meet emerging risks
  • Provide guidance to the business, procurement and other stakeholders to ensure requirements of VRM are fully understood and embedded in the solution
  • Monitor and report on risk findings, remediate resolution including development and execution of corrective action plans
  • Perform data analytics & reporting activities. Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities
  • Analyze, update, and modify procedures and processes to identify and continuously implement vendor risk management process improvements
  • Stay informed about the latest developments in the vendor risk management field
  • Improve awareness of operational risks faced by Business from vendor failure/poor performance and work with Strategic Sourcing/Legal/Business to mitigate any losses through vendor compensation achieved through establishment of robust contracts
  • Perform any other job-related instructions, as requested, with reasonable accommodation

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.


  • At least 5 years of Information Security or IT audit experience
  • Experience in management of vulnerability and/or risk remediation with familiarity of risk assessments, and threat models
  • Working familiarity with Vendor Risk Assessments and production of Risk Analysis Reports
  • Working familiarity with ISO27000 standards and ISO27002 controls standards in particular
  • Experience with ServiceNow or other industry standard enterprise Vendor Risk Assessment solution
  • Familiarity with APIs, plug-ins, ad-on software and associated vulnerabilities
  • Strong knowledge of and experience with information security across all domains, experience with applicable concepts and methodologies such as continuous quality improvement and auditing experience
  • Knowledge of configuration management practices and procedures
  • Strong knowledge and working understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard
  • Working familiarity with common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
  • Strong knowledge of and experience with information security across all domains


  • Experience working in Cyber Risk, Business Risk Management, Operational Risk, Internal Audit, and/or Controls related function preferred
  • Familiarity with application, server, and network security is preferred; understanding of security architectures, network security, Active Directory, RBAC and least privilege

Education & Certifications:

  • Bachelor’s degree: preferably in an information technology-related field of study, or equivalent years of experience required
  • Professional IT or Security management certification 
    • One or more of CISA or CRMA preferred; CISSP, CCSP, CISM, GIAC certifications beneficial

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.