Technology Risk Manager - Client/Regulator Inquiries And Audit Oversight | Deloitte | Cleveland, OH (salary not disclosed)

June 27, 2022 | News/Articles

Description

Work you'll do:
Strategic:
Aligns with leadership and actively contributes to the development, implementation, and maintenance of a firm's technology risk management strategy, methodology and culture.
Analyzes trends in multinational and local client, regulator and member firm security requests to identify the need for new global security policies, standards, and controls.
Provides support and subject matter expertise for the overall enterprise risk assessment process within the organization.
Provides communication, training, and awareness to stakeholders and leadership on information security and responding to client, regulator and member firm inquiries.
Evaluates and recommends assurance activities to fulfill client agreements.
Stays up to date and gains awareness of global security policies, standards, and controls, the current technology landscape, as well as new and emerging technologies being deployed and their impact on client, regulator and member firm risk responses.
Actively contributes to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
Fosters and encourages an agile mindset to enable effective technology risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.

Operational:
Operational responsibilities of this role will include one or more of the following:
Responsible for managing the global shared service program, processes and tools including:
Managing a central service composed of the systems and tools, protocols, analysis methodology and reporting processes necessary to handle responses to technology risk and information security inquiries from clients, regulators and MFs delivered through the combination of global central service and a global delivery team.
Developing and maintaining a questionnaire repository of previously completed client information security requests, member firm responses and Standard Answers Banks (SABs).
Creating and continuously improving global processes and procedures.
Training, consulting or liaising with member firm Client Security Leads (CSLs), Global Senior Analysts (delivery team), Global Junior Analysts (delivery team) and both Global and local member firm Subject Matter Experts (SME).
Continuously improving and updating processes, procedures, and tools that include communication, training and support.
Coordinating with various teams within the organization on matters related to Global Incident Response, Governance Risk & Compliance, and Vendor Risk Assessment.

Leads activities related to information security inquiries, including:
Working with the Lead Client Service Partner(s), Qualified Negotiators, and the Global Contracting Unit and Regional Easier Desks to coordinate and manage client information security requests.
Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits.
Facilitating data gathering and refinement activities using the global delivery team.

Work experience:
Five (5) or more years of demonstrated experience in developing and applying leading practices in large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.

Two (2) or more years of people management experience and proven leadership and coaching abilities.

Required Skills/abilities:
Proficient English skills in reading and writing, and the ability to understand nuances.

Advanced knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management.

Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF).

Good knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.

Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).

Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.

For more info: https://theucf.info/kdwLOt