Manager, Technology Risk Management - Governance & Strategy for Deloitte Global Risk in Toronto, Ontario, Canada (salary not disclosed) UCF

July 24, 2023 | News/Articles


  • Align with leadership and actively contribute to the development, implementation, and maintenance of a firm's technology risk management strategy, methodology and culture.
  • Gain awareness of new and emerging technologies being deployed and help ensure risk assessment processes are appropriately applied.
  • Actively contribute to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Help keep the team's knowledge up to date so that risk management best practices can be recommended to and used by colleagues across levels, including executive management.
  • Foster and encourages an agile mind set to enable effective technology risk management while driving adaptability to ongoing changes in technologies, risks, regulations, and stakeholder expectations.
  • Foster and encourages continuous learning and development of the team members through personal examples, to stay well-informed in the knowledge domains relevant to technology risk management.


  • Serve as a subject matter expert to technology functions for technology risk management requirements according to regulatory requirements, firm policy, client commitments, etc.
  • Responsible for continuously improving and updating the technology risk management program, and controls monitoring.
  • Manage notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
  • Provide input into the annual strategic planning and budget processes for technology risk management program.
  • Identify and put in place the systems and tools, protocols, analysis methodology and reporting processes necessary to identify, analyze, quantify, monitor and mitigate / control technology risks.
  • Facilitate cross-disciplinary coordination for risk analysis, remediation scoping, reporting and engagement with stakeholders.
  • Manage various technology risk management initiatives in accordance with annual objectives and manage multiple complex technology risk management projects throughout the organization.
  • Contribute to the development and continuous improvement of the technology risk management framework to promote the achievement of firm objectives and safeguard the firm's reputation.
  • Help ensure the maintenance, updating and development of training programs on technology risk management and riskgovernance, risk reporting for stakeholders to ensure that they are at the leading edge of integrated risk management.
  • As part of cross-training, assist with technology risk assessments and report on findings, consult on remediation plans, track status, aggregate results, and report to management / leadership.
  • As part of cross-training, assist with deep-dive controls testing for high-risk areas within technology for independent validation of issues and remediation efforts.
  • Perform other duties as assigned by the Senior Manager within the Independent IT Risk.

Relationship Management:

  • Build strong relationships with internal key stakeholders within second line of defense Independent Technology Risk Function, relevant first line of defense Technology Risk Management and technology teams.
  • Motivate and encourages assigned employees to support and take ownership of IT risk management activities and initiatives to optimize decision quality and exceed expected results.
  • Manage team member performance by engaging and providing feedback to team members, as well as by communicating the firm's goals and their role in achieving them.
  • Foster a diverse and high-performance culture with the right competencies

You are someone with:

  • Bachelor's Degree or higher in business administration, a technology-related field, or equivalent education-related experience
  • Five (5) or more years of demonstrated experience in developing and applying leading practices in a large-scale Information Security,
  • Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
  • Experience in highly regulated industries is preferred.
  • Two (2) or more years of people management experience and proven leadership and coaching abilities.
  • Working knowledge of GRC tools (e.g., ServiceNow, Archer, etc.) and Unified Compliance Framework (UCF).
  • Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as testation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
  • Working knowledge in two or more of the following IT and risk domains: cloud hosting, infrastructure, cyber security, secure SDLC, service management, data protection, privacy, IT risk management, maturity assessments, third-party risk management.
  • Working knowledge of emerging IT risks and risk-intelligent adoption of new and existing technologies
  • (Cloud, RPA, Artificial Intelligence) and ways of working (Agile/SAFe) in the context of applicable regulatory requirements and IT deliverymodel.
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management.
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
  • Presentation, and interpersonal skills:
  • Highly disciplined, with strong organizational abilities.
  • Ability to multitask, prioritize work and work independently.
  • Possess exceptional level of integrity and customer focus.
  • Required Licensed or certifications:
  • One or more of CISA, CRISC, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred but equivalent knowledge will be considered.

Job Segment: Information Technology, IT Manager, Compliance, Risk Management, Cyber Security, Technology, Legal, Finance, Security

For more info: