Senior Analyst, Independent IT Assessment, Global Job for Deloitte in Southampton, Hampshire (UK) (salary not disclosed)

January 5, 2023 | Job Postings


  • Aligns with the firm's technology risk management strategy and with leadership, and actively contributes to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Gains awareness of new and emerging technologies being deployed and assists the firm in strengthening internal controls and improving technology risk management and business performance.
  • Demonstrates and encourages an agile mindset to enable effective Technology risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.
  • Support Technology organizational maturity development in Deloitte Member Firms, leveraging the Member Firm Standards
  • Gains awareness of implementable risk governance methodologies and programs that deliver on stakeholder expectations and drive the strategic and annual planning processes with a focus on maturing the Technology & Cyber Risk Management capabilities.


  • Supports the first line of defense (1LoD) Technology Risk Management risk policy refresh processes.
  • Perform deep-dive controls testing for high-risk areas for independent validation of issues and remediation efforts.
  • Fulfill activities to determine the effectiveness of technology controls for mitigating key technology risks, support the identification of control enhancements in end-to-end processes, provide challenges on remedial actions, and share insights and best practices with relevant business units as a proactive measure to reduce the likelihood and impact of future risk events.
  • Demonstrate and apply strong project management skills, inspire teamwork and responsibility with team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
  • Support assessment activities (remote/virtual and onsite assessments) with various subject matter experts.
  • Fulfill Member Firm and client, regulatory and audit-related requests as assigned.
  • Supports initiatives to educate technology functions on technology risk management requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
  • Provide notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
  • Demonstrate and apply a thorough understanding of technology trends to identify issues and communicate this information to the management team through written correspondence and verbal presentations.
  • Support accelerated improvement to meet needs of member firms, global stakeholders and executive requirements such as compliance with Technology and Risk Standards.
  • Population of compliance tools with compliance assessment results, where necessary, to provide a comprehensive view of Member Firm compliance across all assessed standards compliance with Technology and Risk Standards.

Working alongside assessment project teams to:

  • Undertake ad hoc pieces of analysis and report drafting
  • Assist in the preparation of Excel spreadsheets
  • Translate compliance report storyboard into initial report narrative
  • Review deliverables for errors and consistency
  • Preparing schedules and monitoring costs
  • Providing additional project management and administration support to the assessment team as required
  • Performs other job-related duties as assigned.

Relationship Management:

  • Build strong relationships with internal key stakeholders within second line of defense (2LoD) Independent IT Risk as well as first line of defense (1LoD) Technology Risk Management and technology teams as needed.
  • Maintaining regular communication with the management team.
  • Support the updates and development of training programs on technology risk management for stakeholders to ensure that they are at the leading edge of technology risk management.
  • Escalate findings, bringing the Member Firm priorities into the spotlight even when they clash with those of the wider Deloitte firm and Deloitte Technology globally
  • Ability to establish and build relationships with contacts in the Member Firms and across all levels

Connect to your skills and professional experience


  • Bachelor's Degree / equivalent or higher in business administration, a technology-related field, or equivalent experience
  • Proven experience in applying leading practices in large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
  • Working knowledge of Global Risk Compliance (GRC) tools (e.g., ServiceNow ideal or Archer, etc.) and Unified Compliance Framework (UCF).
  • Working knowledge of various technology risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • An understanding of the principles around CMMI, COBIT, ITIL, PMI, Prince2, Agile/SAFe
  • Application development knowledge with understanding of system development life cycles approaches and concepts (CMMI knowledge an asset)
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) and senior management
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
  • Effective relationship-building, communication, presentation, and interpersonal skills.
  • Highly disciplined, with strong organizational abilities.
  • Ability to multi-task, prioritize work and work independently.
  • Possess exceptional level of integrity and customer focus.

Required licenses or certifications

  • One or more of CISA, CIA, CISM, CISSP, CGEIT, ISO 27001/2, ISO 27032 Lead Cybersecurity Manager or similar certifications strongly preferred but equivalent knowledge will be considered


  • IT Operations and Service Management with strong understanding of ITIL framework (ITIL certification an asset)
  • An understanding of the principles around CMMI, COBIT, ITIL, PMI, Prince2, Agile/SAFe
  • Application development experience with strong understanding of system development life cycles approaches and concepts (CMMI knowledge an asset)

Connect to your service line - Enabling Functions

Collaboration is central to everything we do at Deloitte. Bringing your individual skills and experience, and sharing your specialist knowledge, is how you'll make a far-reaching impact.
