Technology Controls Tech Risk Manager
Do you have experience in risk management and controls? At Deloitte, we help bring client data to life to enhance the risk assessment process, reveal unexpected patterns and outliers and offer insights. The business world is complex and ever changing and, as a result, Deloitte is helping to redefine audit by infusing our approach with cutting-edge technologies, data analytics and visualizations, and transformative audit delivery models. Lead audit into the future by helping deliver a more dynamic picture to our clients that provides meaningful insights, empowers decision-making, and informs tomorrow's success.

Work you'll do

As an Audit and Assurance Products & Solutions ('AAPS') Technology Controls Tech Risk Lead, you will be responsible for leading control considerations related to multiple risk environments and frameworks (e.g., Security, Confidentiality, Third Party Access, etc.) at all stages of application design, development and deployment within a particular product portfolio. Under the guidance of Technology Controls ('TC') Portfolio leadership, the professional will drive quality as part of the secure software development lifecycle (SSDLC) based on the TC milestones and will be responsible for compliance with the TC roadmap. This will include planning and leading IT control testing of AAPS products, overseeing the work performed by AAPS Tech Risk Staff and Senior Consultants, and reviewing control testing working papers while ensuring a high level of documentation quality and adherence to firm standards. She/He will be responsible for escalation of control issues to Portfolio TC leadership, assisting with the creation of consultation memos with stakeholder(s) and coordinating the centralized software review process over audit tools with National Office.
The professional will be responsible for understanding the responsibilities of various parties (e.g., the internal Deloitte Information Technology organization, Deloitte's vendors and information technology service providers) and their roles in the overall control structure. This individual will be working on designing, implementing and monitoring controls related to the Deloitte Audit technology organization.

The individual will work closely with the developing Application teams, Professional Practice Network, Controls over Audit Tools Leader, Office of Confidentiality & Privacy, ITS, Office of General Counsel, Regulatory, Global Risk & Compliance and other leadership as needed to ensure that development, hosting, deployment and other risk decisions comply with existing firm policies, professional standards, laws and regulations and other internal and external requirements. The individual will be responsible for control-related aspects of Risk Assessment Frameworks (RAFs) and Confidential Information Management Plans (CIMP), as well as assisting the other members of the TC team in reviewing business requirements, functional requirements and UAT scripts to ensure alignment with controls.

Required Qualifications:

- Bachelor's degree in related field.
- Experience in technology risk or risk management with extensive experience working on large and medium-size audits performed in accordance with the PCAOB standards and/or internal audit experience on clients that are subject to SOX compliance.
- Strong knowledge of General Information Technology controls (GITCs) across multiple IT platforms, including, but not limited to, Windows and UNIX operating systems, SQL Server, MongoDB, PostgreSQL, and MySQL databases.
- Deep understanding and working knowledge of SOC 2, SOC 1 and/or ISAE 3402 methodologies.
- Understanding of cloud computing concepts including PaaS/IaaS services as they relate to hosting environments such as Azure and Amazon Web Services and their related controls.

Preferred Qualifications:

- HIPAA experience.
- Knowledge of the ISO/NIST framework.
- Security analysis experience on ERPs.
- Identity and Access Management experience.

Candidates should have the following traits and skills:

- Apply concepts of risk assessment and apply professional skepticism
- Ability to coach, train and mentor junior staff
- Apply technical knowledge to new scenarios
- Identify and address challenges before they occur
- Not be afraid to fail, resurrect, and fail again until success is achieved
- Think strategically about products by understanding roadmap/plan
- Embrace conflicting perspectives
- Understand, or be willing to learn, how to operate under a scaled agile framework
- Create documentation to be leveraged in negotiation with internal and external stakeholders such as vendors and quality inspections
- Ability to challenge the status quo, and to identify untapped opportunities, alternate approaches, and creative solutions to audit products and solutions
- Confidently lead meetings and/or engage with PPMDs and senior leaders in the firm
- Work in cross-functional environments with professionals across Deloitte (non-auditors) and various geographic locations
- Strong project management skills to keep multiple projects organized
- Strong verbal and written communication skills

The team

Our audits are fueled by more than just technology - what really sets us apart are our insightful professionals, collaborative culture, and commitment to innovation and continuous improvement. Our audit professionals apply a streamlined, intelligent approach to the audit, enabled by innovative tools and technologies. Quality is our top priority, and by focusing on innovation, we continue to raise the bar on quality and deliver greater value to our clients. Learn more about Deloitte Audit.