Technology Risk Senior Analyst , Client/Regulator Inquiries & Audit Oversight, Deloitte Global Risk in Toronto, ON Canada (salary not disclosed)
• Aligns with the firm's technology risk management strategy and with leadership and actively contribute to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
• Stays up to date and gains awareness of global security policies, standards, and controls, the current technology landscape, as well as new and emerging technologies being deployed and their impact on client, regulator and member firm risk responses.
• Demonstrates and encourages an agile mind set to enable effective IT risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.
Operational responsibilities of this role will include one or more of the following:
- Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the combination of global central service and a global delivery team.
- Responsible for identifying, gathering and pre-populating responses to questions/inquiries using one or more Standard Answer Banks (SABs).
- Responsible for selecting relevant and valid security and assurance statements according to the specific inquiry and submitting these to the respective Client Security Lead.
- Responsible for ensuring the quality and consistency of the work of Junior Analysts (where applicable).
- Responsible for identifying the remaining questions that cannot be pre-populated by Junior Analysts (where applicable) and whether consultation is needed with the Client Security Lead.
- Responsible for assigning and planning tasks to a team of Junior Analysts (where applicable).
- Connecting with the Client Security Leads/Subject Matter Experts to improve delivery quality.
- Responsible for highlighting issues found in the Standard Answer Banks (SABs) and illustrating where changes are necessary.
- SAB maintenance (e.g., following up with owners on expired answers and if they need updating).
- Support the Technology Risk Manager in activities related to information security inquiries
- Support the Technology Risk Manager for the monitoring of audits and certifications:
You are someone with:
- Bachelor's Degree or higher in business administration, a technology-related field, or equivalent experience .
- Three to five years demonstrated experience in applying leading practices in a large -scale Information Security, Technology Risk or
- Operational Risk environments, including strategy development and execution, risk and governance experience.
- Proficient English skills in reading and writing, and the ability to understand nuances.
- Basic knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management
- Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF) .
- Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
- Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
- Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
- Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management
- Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
- Effective relationship-building, communication, presentation, and interpersonal skills .
- Highly disciplined, with strong organizational abilities .
- Ability to multi-task, prioritize work and work independently .
- Possess exceptional level of integrity and customer focus .
- Bilingual English and 1 other language French, Spanish, German, or Japanese a plus.
- One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred but equivalent knowledge will be considered
For More info: https://theucf.info/WeWUSq