Manager - IT Risk Management for Deloitte Global in Baltimore at Geebo, MD (Estimated Salary: $20 to $28 per hour based on qualifications.)

May 16, 2023 | Job Postings

Work you'll do:

  • Strategic Aligns with leadership and actively contribute to the development, implementation, and maintenance of a firm's technology risk management strategy, methodology and culture.
  • Gains awareness of new and emerging technologies being deployed and ensure risk assessment processes are appropriately applied.
  • Support IT organizational maturity development in Deloitte Member Firms, leveraging the Member Firm Standards.
  • Assist design of implementable risk governance methodologies and programs that deliver on stakeholder expectations and drive the strategic and annual planning processes with a focus on maturing the IT & Cyber Risk Management capabilities.
  • Actively contributes to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Keeps the team's knowledge up to date so that risk management best practices can be recommended to and used by colleagues across levels, including executive management.
  • Fosters and encourages an agile mind set to enable effective technology risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.
  • Advise member firms on technologies, processes and procedures to address gaps in conjunction with the Deloitte Technology and Integrity strategies.
  • Advise on the development to the cyber and technology assessment criteria at the start of each assessment cycle - in conjunction with the Global Integrity Assessment Service Leader and the relevant subject matter experts.
  • Operational Manages technology risk assessments and reports on findings, consult on remediation plans, track status, aggregate results, and report to management / leadership.
  • Manages deep-dive controls testing for high risk areas within technology for independent validation of issues and remediation efforts.
  • Serves as a subject matter expert to technology functions for technology risk management requirements according to regulatory requirements, firm policy, client commitments, etc.
  • Lead Assessments for geographies within Member Firms completing remote/virtual onsite assessments with various subject matter expertsResponsible for continuously improving and updating the technology risk management program, and controls monitoring.
  • Manages notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
  • Provides input into the annual strategic planning and budget processes for technology risk management program.
  • Identifies and puts in place the systems and tools, protocols, analysis methodology and reporting processes necessary to identify, analyze, quantify, monitor and mitigate / control technology risks.
  • Facilitates cross-disciplinary coordination for risk analysis, remediation scoping, reporting and engagement with stakeholders.
  • Manages various technology risk management initiatives in accordance with annual objectives and manage multiple complex technology risk management projects throughout the organization.
  • Contributes to the development and continuous improvement of the technology risk management framework to promote the achievement of firm objectives and safeguard the firm's reputation.
  • Ensures the maintenance, updating and development of training programs on technology risk management and risk governance, risk reporting for stakeholders to ensure that they are at the leading edge of integrated risk management.
  • Support accelerated improvement to meet needs of member firms, global stakeholders and executive requirements such as compliance with Technology and Risk Standards.
  • Population of compliance tools with compliance assessment results, where necessary, to provide a comprehensive view of Member Firm compliance across all assessed standards compliance with Technology and Risk Standards.
  • Performs other duties as assigned by the Senior Manager within the Independent IT Risk.
  • Relationship ManagementBuilds strong relationships with internal key stakeholders within second line of defence (2LoD) Technology Risk, relevant first line of defence (1LoD) Technology Risk Management and technology teams.
  • Work closely with colleagues in the Independent Technology Risk leader and collaborate with the First line of defense leaders to provide a risk governance and Member Firm perspectives during risk taking or key risk management activities to help maintain residual risks within Deloitte's Technology risk appetite.
  • Liaise closely with the Deloitte Technology organization to strengthen the services and support that we provide to member firmsMotivates and encourages assigned employees to support and take ownership of technology risk management activities and initiatives to optimize decision quality and exceed expected results.
  • Manages team member performance by engaging and providing feedback to team members, as well as by communicating the firm's goals and their role in achieving them.
  • Assist the Independent Technology Risk Leader prepare for Governance meetings, liaising with regulatory bodies and external stakeholders.
  • Escalate finding bringing the Member Firm priorities into the spotlight even when they clash with those of the wider Deloitte firm and Deloitte Technology globally.
  • Support Deloitte Technology Leaders to develop and manage relationships with Member Firms, taking into consideration different cultural, legislative, and Member Firm issues.


  • Five (5) or more years of demonstrated experience in developing and applying leading practices in a large scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
  • Two (2) or more years of people management experience and proven leadership and coaching abilities.
  • Able to demonstrate good relationship management skills.
  • Skills/abilities:
  • Working knowledge of Governance Risk Compliance (GRC) tools (e.g., ServiceNow ideal or Archer, etc. and Unified Compliance Framework (UCF)Good knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (eg, GDPR).
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security or Technology environments.
  • Experience working and liaising with executives (eg, CIO, CISO, Directors, Principals) or senior management.
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
  • Effective relationship-building, communication, presentation, and interpersonal skills.
  • Highly disciplined, with strong organizational abilities.
  • Ability to multi-task, prioritize work and work independently.
  • Possess exceptional level of integrity and customer focus.
  • Required Licensed or certifications:
  • One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2, ISO27032 Lead Cybersecurity Manager or similar certifications strongly preferred but equivalent knowledge will be considered.


  • Bachelor's Degree or higher in business administration, a technology-related field, or equivalent experience.
  • Preferred skills/abilities:
  • IT Operations and Service Management with strong understanding of ITIL framework (ITIL certification an asset).
  • An understanding of the principles around CMMI, COBIT, ITIL, PMI, Prince2, Agile/SAFe.
  • Application development experience with strong understanding of system development life cycles approaches and concepts (CMMI knowledge an asset).

For more info.: