Work In Tech

--

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cuttingedge products and services that deliver outstanding value and that are global in vision and scope? Work with premier thought leaders in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

What will your typical day look like?

As the Governance Risk and Compliance - Programs Manager within the Deloitte Technology (DT)organization you will be responsible for leading, managing and supporting critical, high-visibility programs and initiatives that are key components of Deloitte Technology’s governance, risk and compliance strategy.

The role will be responsible for leading and managing programs that develop, maintain and mature common technology and cybersecurity standards across Deloitte; define minimum reviews and technical validations for the implementation of new software solutions; and set common expectations for the management of information security governance risk.

This role will involve require the ability to work cross-functionally within a complex and highly matrixed organization as well as the ability to clearly communicate to, influence and persuade stakeholders at the senior leadership level.

The Governance Risk and Compliance - Programs Manager reports to the Governance Risk and Compliance Program Management Lead.

Responsibilities

• Leading Deloitte’s global ISO 27001 program, including – refining the strategic vision for the program, organizing and leading a community of practice of ISO 27001 leads across member firms, identifying opportunities for continuous improvement and common best practices, guiding the transition to new versions of the standard and managing our global relationship with BSI.
• Driving the development, evolution and refinement of the Deloitte Technology Operating Model (TOM) – which sets a baseline for the required technical validation and enterprise risk reviews for software solutions built or procured within Deloitte. This work will include articulation of requirements, scope / applicability, refinements to the model and the creation of supporting guidance for business users and technology teams. Will also lead support for implementation of the model by member firms and monitoring / reporting of compliance.
• Supporting Deloitte’s technology and cybersecurity member firm standards program, including refining the strategic direction of the program, supporting the annual definition of controls to be assessed and articulating opportunities for improved coordination and alignment with other components of the Deloitte technology compliance program.
• Leading (and/or contributing to) special or ad-hoc projects and initiatives within DT Governance Risk and Compliance as needed to support the implementation of the GRC strategy and to achieve key objectives.
• Driving development of reporting, dashboards and analysis on program status, effectiveness and progress as needed.
• Contributing to the development / configuration of enabling tools to support IT governance, risk and compliance management functions (e.g. ServiceNow).
• Contributing to an environment that fosters innovation and enables continuous improvement of the risk and compliance mindset across Deloitte Technology, potentially including developing content for a training and awareness program.
• Interacting in both oral and written communications in matters related to information technology risk with all levels of Deloitte Technology including senior leadership, global risk, office of general counsel (OGC), auditors, customers, engineering / solution development teams, and technology vendors and contractors.

About the team

Deloitte Global:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network. In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark. Deloitte Global supports our talented professionals in answering the question: What impact will you make?

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Enough about us, let’s talk about you

You are someone with:

• Bachelor’s degree in business, management, accounting, information systems, computer science, engineering or related field; or equivalent practical experience; or applicable certification (CRISC, CISA, CISSP).
• 7+ years of industry experience, with an emphasis in risk management and compliance program
• Experience implementing ISO 27001 in a large-scale enterprise and/or ISO 27001 lead auditor / lead implementor certification (preferred).
• Experience with / working knowledge of risk frameworks, standards and industry best practices (e.g. COBIT, COSO, ISO 27001, SOC 2, ITIL).
• Experience developing cloud, infrastructure and cybersecurity policies, standards and in translating regulatory requirements into technical controls.
• Familiarity with governance, risk and compliance (GRC) tools/platforms.
• Ability to work cross-functionally within a complex and highly matrixed organization as well as the ability to clearly communicate to, influence and persuade stakeholders at the senior leadership level.
• Ability to distill pertinent information from disparate information sources and recommend/deliver effective, balanced recommendations and outcomes.
• Ability to quickly adapt to shifting priorities, demands and timelines through both analytical and problem-solving capabilities.
• Proven people, program and project management skills leading to successful execution of established goals and objectives.
• Flexibility and good time management to cover a global organization is required and expected. Availability for occasional travel to support business needs.
• Demonstrates strong ethics by acting as a role model for values, integrity, professional conduct and as an advocate for diversity, equity and inclusion.