
Deloitte Technology Governance Risk and Compliance - Programs Manager, Deloitte Global Technology



IT, Legal
Toronto, ON, Canada
Posted on Saturday, July 1, 2023

Job Type: Permanent
Reference code: 123914
Primary Location: Toronto, ON
All Available Locations: Toronto, ON

Our Purpose

At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge. Purpose defines who we are and gives us reason to exist as an organization.

By living our Purpose, we will make an impact that matters.

  • Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness.
  • Experience a firm where wellness matters.
  • Be expected to share your ideas and to make them a reality.


Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with premier thought leaders in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

What will your typical day look like?

As the Governance Risk and Compliance - Programs Manager within the Deloitte Technology (DT) organization, you will be responsible for leading, managing and supporting critical, high-visibility programs and initiatives that are key components of Deloitte Technology’s governance, risk and compliance strategy.

The role will be responsible for leading and managing programs that develop, maintain and mature common technology and cybersecurity standards across Deloitte; define minimum reviews and technical validations for the implementation of new software solutions; and set common expectations for the management of information security governance risk.

This role will require the ability to work cross-functionally within a complex and highly matrixed organization as well as the ability to clearly communicate to, influence and persuade stakeholders at the senior leadership level.

The Governance Risk and Compliance - Programs Manager reports to the Governance Risk and Compliance Program Management Lead.


  • Leading Deloitte’s global ISO 27001 program, including – refining the strategic vision for the program, organizing and leading a community of practice of ISO 27001 leads across member firms, identifying opportunities for continuous improvement and common best practices, guiding the transition to new versions of the standard and managing our global relationship with BSI.
  • Driving the development, evolution and refinement of the Deloitte Technology Operating Model (TOM) – which sets a baseline for the required technical validation and enterprise risk reviews for software solutions built or procured within Deloitte. This work will include articulation of requirements, scope / applicability, refinements to the model and the creation of supporting guidance for business users and technology teams. Will also lead support for implementation of the model by member firms and monitoring / reporting of compliance.
  • Supporting Deloitte’s technology and cybersecurity member firm standards program, including refining the strategic direction of the program, supporting the annual definition of controls to be assessed and articulating opportunities for improved coordination and alignment with other components of the Deloitte technology compliance program.
  • Leading (and/or contributing to) special or ad-hoc projects and initiatives within DT Governance Risk and Compliance as needed to support the implementation of the GRC strategy and to achieve key objectives.
  • Driving development of reporting, dashboards and analysis on program status, effectiveness and progress as needed.
  • Contributing to the development / configuration of enabling tools to support IT governance, risk and compliance management functions (e.g. ServiceNow).
  • Contributing to an environment that fosters innovation and enables continuous improvement of the risk and compliance mindset across Deloitte Technology, potentially including developing content for a training and awareness program.
  • Interacting in both oral and written communications in matters related to information technology risk with all levels of Deloitte Technology including senior leadership, global risk, office of general counsel (OGC), auditors, customers, engineering / solution development teams, and technology vendors and contractors.

About the team

Deloitte Global:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network. In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark. Deloitte Global supports our talented professionals in answering the question: What impact will you make?

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Enough about us, let’s talk about you

You are someone with:

  • Bachelor’s degree in business, management, accounting, information systems, computer science, engineering or related field; or equivalent practical experience; or applicable certification (CRISC, CISA, CISSP).
  • 7+ years of industry experience, with an emphasis on risk management and compliance programs.
  • Experience implementing ISO 27001 in a large-scale enterprise and/or ISO 27001 lead auditor / lead implementor certification (preferred).
  • Experience with / working knowledge of risk frameworks, standards and industry best practices (e.g. COBIT, COSO, ISO 27001, SOC 2, ITIL).
  • Experience developing cloud, infrastructure and cybersecurity policies and standards, and translating regulatory requirements into technical controls.
  • Familiarity with governance, risk and compliance (GRC) tools/platforms.
  • Ability to work cross-functionally within a complex and highly matrixed organization as well as the ability to clearly communicate to, influence and persuade stakeholders at the senior leadership level.
  • Ability to distill pertinent information from disparate information sources and recommend/deliver effective, balanced recommendations and outcomes.
  • Ability to quickly adapt to shifting priorities, demands and timelines through both analytical and problem-solving capabilities.
  • Proven people, program and project management skills leading to successful execution of established goals and objectives.
  • Flexibility and good time management to cover a global organization is required and expected. Availability for occasional travel to support business needs.
  • Demonstrates strong ethics by acting as a role model for values, integrity, professional conduct and as an advocate for diversity, equity and inclusion.

Our promise to our people: Deloitte is where potential comes to life.

Be yourself, and more.

We are a group of talented people who want to learn, gain experience, and develop skills. Wherever you are in your career, we want you to advance.

You shape how we make impact.

Diverse perspectives and life experiences make us better. Whoever you are and wherever you’re from, we want you to feel like you belong here. We provide flexible working options to support you and how you can contribute.

Be the leader you want to be

Some guide teams, some change culture, some build essential expertise. We offer opportunities and experiences that support your continuing growth as a leader.

Have as many careers as you want.

We are uniquely able to offer you new challenges and roles – and prepare you for them. We bring together people with unique experiences and talents, and we are the place to develop a lasting network of friends, peers, and mentors. Our TVP is about relationships – between leaders and their people, the firm and its people, peers, and within our communities.

The next step is yours

At Deloitte, we are all about doing business inclusively – that starts with having diverse colleagues of all abilities. Deloitte encourages applications from all qualified candidates who represent the full diversity of communities across Canada. This includes, but is not limited to, people with disabilities, candidates from Indigenous communities, and candidates from the Black community in support of living our values, creating a culture of Diversity Equity and Inclusion and our commitment to our AccessAbility Action Plan, Reconciliation Action Plan and the BlackNorth Initiative.

By applying to this job you will be assessed against the Deloitte Global Talent Standards. We’ve designed these standards to provide our clients with a consistent and exceptional Deloitte experience globally.
Deloitte Canada has 30 offices with representation across most of the country. We acknowledge our offices reside on traditional, treaty and unceded territories as part of Turtle Island, which is still home to many First Nations, Métis, and Inuit peoples. We are all Treaty people.