Manager - IT Risk Management
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?Want to make an impact that matters? Consider Deloitte Global.
Work you'll do:
StrategicAligns with leadership and actively contribute to the development, implementation, and maintenance of a firm's technology risk management strategy, methodology and culture.
Gains awareness of new and emerging technologies being deployed and ensure risk assessment processes are appropriately applied.
Support IT organizational maturity development in Deloitte Member Firms, leveraging the Member Firm Standards.
Assist design of implementable risk governance methodologies and programs that deliver on stakeholder expectations and drive the strategic and annual planning processes with a focus on maturing the IT & Cyber Risk Management capabilities.
Actively contributes to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
Keeps the team's knowledge up to date so that risk management best practices can be recommended to and used by colleagues across levels, including executive management.
Fosters and encourages an agile mind set to enable effective technology risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.
Advise member firms on technologies, processes and procedures to address gaps in conjunction with the Deloitte Technology and Integrity strategies.
Advise on the development to the cyber and technology assessment criteria at the start of each assessment cycle - in conjunction with the Global Integrity Assessment Service Leader and the relevant subject matter experts.
OperationalManages technology risk assessments and reports on findings, consult on remediation plans, track status, aggregate results, and report to management / leadership.
Manages deep-dive controls testing for high risk areas within technology for independent validation of issues and remediation efforts.
Serves as a subject matter expert to technology functions for technology risk management requirements according to regulatory requirements, firm policy, client commitments, etc.
Lead Assessments for geographies within Member Firms completing remote/virtual onsite assessments with various subject matter expertsResponsible for continuously improving and updating the technology risk management program, and controls monitoring.
Manages notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
Provides input into the annual strategic planning and budget processes for technology risk management program.
Identifies and puts in place the systems and tools, protocols, analysis methodology and reporting processes necessary to identify, analyze, quantify, monitor and mitigate / control technology risks.
Facilitates cross-disciplinary coordination for risk analysis, remediation scoping, reporting and engagement with stakeholders.
Manages various technology risk management initiatives in accordance with annual objectives and manage multiple complex technology risk management projects throughout the organization.
Contributes to the development and continuous improvement of the technology risk management framework to promote the achievement of firm objectives and safeguard the firm's reputation.
Ensures the maintenance, updating and development of training programs on technology risk management and risk governance, risk reporting for stakeholders to ensure that they are at the leading edge of integrated risk management.
Support accelerated improvement to meet needs of member firms, global stakeholders and executive requirements such as compliance with Technology and Risk Standards.
Population of compliance tools with compliance assessment results, where necessary, to provide a comprehensive view of Member Firm compliance across all assessed standards compliance with Technology and Risk Standards.
Performs other duties as assigned by the Senior Manager within the Independent IT Risk.
Relationship ManagementBuilds strong relationships with internal key stakeholders within second line of defence (2LoD) Technology Risk, relevant first line of defence (1LoD) Technology Risk Management and technology teams.
Work closely with colleagues in the Independent Technology Risk leader and collaborate with the First line of defense leaders to provide a risk governance and Member Firm perspectives during risk taking or key risk management activities to help maintain residual risks within Deloitte's Technology risk appetite.
Liaise closely with the Deloitte Technology organization to strengthen the services and support that we provide to member firmsMotivates and encourages assigned employees to support and take ownership of technology risk management activities and initiatives to optimize decision quality and exceed expected results.
Manages team member performance by engaging and providing feedback to team members, as well as by communicating the firm's goals and their role in achieving them.
Assist the Independent Technology Risk Leader prepare for Governance meetings, liaising with regulatory bodies and external stakeholders.
Escalate finding bringing the Member Firm priorities into the spotlight even when they clash with those of the wider Deloitte firm and Deloitte Technology globally.
Support Deloitte Technology Leaders to develop and manage relationships with Member Firms, taking into consideration different cultural, legislative, and Member Firm issues.
What you'll be part of - our Deloitte Global Culture:
At Deloitte, we expect results.
Incredible-tangible-results.
And Deloitte Global professionals play a unique role in delivering those results.
We reach across disciplines and borders to serve our global organization.
We are the engine of Deloitte.
We develop and implement global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has opportunities.
We see the importance of your perspective and your ability to create value.
We want you to fit in-with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out-with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.
Deloitte Global Risk makes an impact by developing programs, processes and resources to preserve, protect and enhance the Deloitte brand.
We identify new and emerging risks that could significantly impact the network, mitigate risks as they occur, proactively engage with regulators and key stakeholders that impact professional services, and build a clear voice around select policy topics around the globe.
Work
Experience:
Five (5) or more years of demonstrated experience in developing and applying leading practices in a large scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
Two (2) or more years of people management experience and proven leadership and coaching abilities.
Able to demonstrate good relationship management skills.
Skills/abilities:
Working knowledge of Governance Risk Compliance (GRC) tools (eg, ServiceNow ideal or Archer, etc.
) and Unified Compliance Framework (UCF)Good knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.
), NIST, COBIT, SOC2 reporting framework.
Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (eg, GDPR).
Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security or Technology environments.
Experience working and liaising with executives (eg, CIO, CISO, Directors, Principals) or senior management.
Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
Effective relationship-building, communication, presentation, and interpersonal skills.
Highly disciplined, with strong organizational abilities.
Ability to multi-task, prioritize work and work independently.
Possess exceptional level of integrity and customer focus.
Required Licensed or certifications:
One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2, ISO27032 Lead Cybersecurity Manager or similar certifications strongly preferred but equivalent knowledge will be considered.
Education:
Bachelor's Degree or higher in business administration, a technology-related field, or equivalent experience.
Preferred skills/abilities:
IT Operations and Service Management with strong understanding of ITIL framework (ITIL certification an asset).
An understanding of the principles around CMMI, COBIT, ITIL, PMI, Prince2, Agile/SAFe.
Application development experience with strong understanding of system development life cycles approaches and concepts (CMMI knowledge an asset).
How you'll grow:
Deloitte Global inspires leaders at every level.
We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths.
We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges.
We want you to ask questions, take chances, and explore the possible.
Benefits you'll receive:
Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do-that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs.
We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.
Corporate citizenship:
Deloitte is led by a purpose:
to make an impact that matters.
This purpose defines who we are and extends to relationships with our clients, our people, and our communities.
We believe that business has the power to inspire and transform.
We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.
#LI-Hybrid Hybrid work, remote may be an option.
Estimated Salary: $20 to $28 per hour based on qualifications.
Work you'll do:
StrategicAligns with leadership and actively contribute to the development, implementation, and maintenance of a firm's technology risk management strategy, methodology and culture.
Gains awareness of new and emerging technologies being deployed and ensure risk assessment processes are appropriately applied.
Support IT organizational maturity development in Deloitte Member Firms, leveraging the Member Firm Standards.
Assist design of implementable risk governance methodologies and programs that deliver on stakeholder expectations and drive the strategic and annual planning processes with a focus on maturing the IT & Cyber Risk Management capabilities.
Actively contributes to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
Keeps the team's knowledge up to date so that risk management best practices can be recommended to and used by colleagues across levels, including executive management.
Fosters and encourages an agile mind set to enable effective technology risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.
Advise member firms on technologies, processes and procedures to address gaps in conjunction with the Deloitte Technology and Integrity strategies.
Advise on the development to the cyber and technology assessment criteria at the start of each assessment cycle - in conjunction with the Global Integrity Assessment Service Leader and the relevant subject matter experts.
OperationalManages technology risk assessments and reports on findings, consult on remediation plans, track status, aggregate results, and report to management / leadership.
Manages deep-dive controls testing for high risk areas within technology for independent validation of issues and remediation efforts.
Serves as a subject matter expert to technology functions for technology risk management requirements according to regulatory requirements, firm policy, client commitments, etc.
Lead Assessments for geographies within Member Firms completing remote/virtual onsite assessments with various subject matter expertsResponsible for continuously improving and updating the technology risk management program, and controls monitoring.
Manages notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
Provides input into the annual strategic planning and budget processes for technology risk management program.
Identifies and puts in place the systems and tools, protocols, analysis methodology and reporting processes necessary to identify, analyze, quantify, monitor and mitigate / control technology risks.
Facilitates cross-disciplinary coordination for risk analysis, remediation scoping, reporting and engagement with stakeholders.
Manages various technology risk management initiatives in accordance with annual objectives and manage multiple complex technology risk management projects throughout the organization.
Contributes to the development and continuous improvement of the technology risk management framework to promote the achievement of firm objectives and safeguard the firm's reputation.
Ensures the maintenance, updating and development of training programs on technology risk management and risk governance, risk reporting for stakeholders to ensure that they are at the leading edge of integrated risk management.
Support accelerated improvement to meet needs of member firms, global stakeholders and executive requirements such as compliance with Technology and Risk Standards.
Population of compliance tools with compliance assessment results, where necessary, to provide a comprehensive view of Member Firm compliance across all assessed standards compliance with Technology and Risk Standards.
Performs other duties as assigned by the Senior Manager within the Independent IT Risk.
Relationship ManagementBuilds strong relationships with internal key stakeholders within second line of defence (2LoD) Technology Risk, relevant first line of defence (1LoD) Technology Risk Management and technology teams.
Work closely with colleagues in the Independent Technology Risk leader and collaborate with the First line of defense leaders to provide a risk governance and Member Firm perspectives during risk taking or key risk management activities to help maintain residual risks within Deloitte's Technology risk appetite.
Liaise closely with the Deloitte Technology organization to strengthen the services and support that we provide to member firmsMotivates and encourages assigned employees to support and take ownership of technology risk management activities and initiatives to optimize decision quality and exceed expected results.
Manages team member performance by engaging and providing feedback to team members, as well as by communicating the firm's goals and their role in achieving them.
Assist the Independent Technology Risk Leader prepare for Governance meetings, liaising with regulatory bodies and external stakeholders.
Escalate finding bringing the Member Firm priorities into the spotlight even when they clash with those of the wider Deloitte firm and Deloitte Technology globally.
Support Deloitte Technology Leaders to develop and manage relationships with Member Firms, taking into consideration different cultural, legislative, and Member Firm issues.
What you'll be part of - our Deloitte Global Culture:
At Deloitte, we expect results.
Incredible-tangible-results.
And Deloitte Global professionals play a unique role in delivering those results.
We reach across disciplines and borders to serve our global organization.
We are the engine of Deloitte.
We develop and implement global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has opportunities.
We see the importance of your perspective and your ability to create value.
We want you to fit in-with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out-with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.
Deloitte Global Risk makes an impact by developing programs, processes and resources to preserve, protect and enhance the Deloitte brand.
We identify new and emerging risks that could significantly impact the network, mitigate risks as they occur, proactively engage with regulators and key stakeholders that impact professional services, and build a clear voice around select policy topics around the globe.
Work
Experience:
Five (5) or more years of demonstrated experience in developing and applying leading practices in a large scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
Two (2) or more years of people management experience and proven leadership and coaching abilities.
Able to demonstrate good relationship management skills.
Skills/abilities:
Working knowledge of Governance Risk Compliance (GRC) tools (eg, ServiceNow ideal or Archer, etc.
) and Unified Compliance Framework (UCF)Good knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.
), NIST, COBIT, SOC2 reporting framework.
Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (eg, GDPR).
Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security or Technology environments.
Experience working and liaising with executives (eg, CIO, CISO, Directors, Principals) or senior management.
Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
Effective relationship-building, communication, presentation, and interpersonal skills.
Highly disciplined, with strong organizational abilities.
Ability to multi-task, prioritize work and work independently.
Possess exceptional level of integrity and customer focus.
Required Licensed or certifications:
One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2, ISO27032 Lead Cybersecurity Manager or similar certifications strongly preferred but equivalent knowledge will be considered.
Education:
Bachelor's Degree or higher in business administration, a technology-related field, or equivalent experience.
Preferred skills/abilities:
IT Operations and Service Management with strong understanding of ITIL framework (ITIL certification an asset).
An understanding of the principles around CMMI, COBIT, ITIL, PMI, Prince2, Agile/SAFe.
Application development experience with strong understanding of system development life cycles approaches and concepts (CMMI knowledge an asset).
How you'll grow:
Deloitte Global inspires leaders at every level.
We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths.
We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges.
We want you to ask questions, take chances, and explore the possible.
Benefits you'll receive:
Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do-that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs.
We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.
Corporate citizenship:
Deloitte is led by a purpose:
to make an impact that matters.
This purpose defines who we are and extends to relationships with our clients, our people, and our communities.
We believe that business has the power to inspire and transform.
We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.
#LI-Hybrid Hybrid work, remote may be an option.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
