Technology Risk Senior Analyst for Deloitte Global Services Limited , Remote (salary not disclosed)

March 4, 2022 | Job Postings

Work you'll do: Strategic

  • Aligns with the firm's technology risk management strategy and with leadership and actively contribute to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Stays up to date and gains awareness of global security policies, standards, and controls, the current technology landscape, as well as new and emerging technologies being deployed and their impact on client, regulator and member firm risk responses.
  • Demonstrates and encourages an agile mind set to enable effective IT risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.

Operational: Operational responsibilities of this role will include one or more of the following:

  • Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the combination of global central service and a global delivery team.
  • Responsible for identifying, gathering and pre-populating responses to questions/inquiries using one or more Standard Answer Banks (SABs).
  • Responsible for selecting relevant and valid security and assurance statements according to the specific inquiry and submitting these to the respective Client Security Lead.
  • Responsible for ensuring the quality and consistency of the work of Junior Analysts (where applicable).
  • Responsible for identifying the remaining questions that cannot be pre-populated by Junior Analysts (where applicable) and whether consultation is needed with the Client Security Lead.
  • Responsible for assigning and planning tasks to a team of Junior Analysts (where applicable).
  • Connecting with the Client Security Leads/Subject Matter Experts to improve delivery quality.
  • Responsible for highlighting issues found in the Standard Answer Banks (SABs) and illustrating where changes are necessary.
  • SAB maintenance (e.g., following up with owners on expired answers and if they need updating).
  • Support the Technology Risk Manager in activities related to information security inquiries, including:
  • Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits.
  • Gathering data and refinement activities using the global delivery team.
  • Support the Technology Risk Manager for the monitoring of audits and certifications:
  • Assist with monitoring and providing input on the planning (scope, timing, etc.) of audits and certifications to align with anticipated needs of clients, regulators and MFs.
  • Assist with manage the completion of audit and certification coordination activities (scoping, data and evidence gathering, refinement, etc.) and facilitate staff as they analyze and evaluate various requests.
  • Demonstrate and apply strong project management skills, inspire teamwork and responsibility with team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
  • Supports initiatives to educate technology functions on technology risk management requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
  • Demonstrate and apply a thorough understanding of technology trends to identify issues and communicate this information to the management team through written correspondence and verbal presentations.
  • Performs other job-related duties as assigned by the Manager within the Independent IT Risk function, Client/Regulator Inquiries & Audit Oversight team.

Relationship Management

  • Builds strong relationships with internal key stakeholders within Global Risk, 2LOD IT Risk, relevant 1LOD TRM and technology teams, member firms client security leads and other Global and member firm SMEs as needed.
  • Maintaining regular communication with the management team.

Required Skills/abilities

  • Proficient English skills in reading and writing, and the ability to understand nuances.
  • Basic knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management
  • Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF).
  • Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
  • Effective relationship-building, communication, presentation, and interpersonal skills.
  • Highly disciplined, with strong organizational abilities.
  • Ability to multi-task, prioritize work and work independently.
  • Possess exceptional level of integrity and customer focus.

Other Qualifications:
Preferred Skills/abilities

  • Bilingual English and 1 other language French, Spanish, German, or Japanese a plus.

Required Licenses or certifications

  • One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred but equivalent knowledge will be considered

For more info: