Technology Controls Tech Risk Manager
Posted on: May 15, 2022
Do you have experience in risk management and controls? At
Deloitte, we help bring client data to life to enhance the risk
assessment process, reveal unexpected patterns and outliers and
offer insights. The business world is complex and ever changing
and, as a result, Deloitte is helping to redefine audit by infusing
our approach with cutting-edge technologies, data analytics and
visualizations, and transformative audit delivery models. Lead
audit into the future by helping deliver a more dynamic picture to
our clients that provides meaningful insights, empowers
decision-making, and informs tomorrow's success.
Work you'll do
As an Audit and Assurance Products & Solutions ('AAPS') Technology
Controls Tech Risk Lead, you will be responsible for leading
control considerations related to multiple risk environments and
frameworks (e.g., Security, Confidentiality, Third Party Access,
etc.) at all stages of application design, development and
deployment within a particular product portfolio. Under the
guidance of Technology Controls ('TC') Portfolio leadership, the
professional will drive quality as part of the secure software
development lifecycle (SSDLC) based on the TC milestones and will
be responsible for compliance with the TC roadmap. This will
include planning and leading IT control testing of AAPS products,
overseeing the work performed by AAPS Tech Risk Staff and Senior
Consultants, and reviewing control testing working papers while
ensuring a high level of documentation quality and adherence to
firm standards. She / He will be responsible for escalation of
control issues to Portfolio TC leadership, assisting with the
creation of consultation memos with stakeholder(s) and coordinating
the centralized software review process over audit tools with
National Office. The professional will be responsible for understanding
responsibilities of various parties (e.g., internal Deloitte
Information technology organization, Deloitte's vendors and
information technology service providers) and their roles and
responsibilities in the overall control structure. This individual
will be working on designing, implementing and monitoring controls
related to the Deloitte Audit technology organization.
The individual will work closely with the developing application teams,
Professional Practice Network, Controls over Audit Tools Leader,
Office of Confidentiality & Privacy, ITS, Office of General
Counsel, Regulatory, Global Risk & Compliance and other leadership
as needed to ensure that development, hosting, deployment and other
risk decisions comply with existing firm policies, professional
standards, laws and regulations and other internal and external
requirements. The individual will be responsible for control-related
aspects of Risk Assessment Frameworks (RAFs), Confidential
Information Management Plans (CIMP), as well as assisting the other
members of the TC team in reviewing business requirements,
functional requirements and UAT scripts to ensure alignment with
- Bachelor's degree in related field.
- Experience in technology risk or risk management with extensive
experience working on large and medium-size audits performed in
accordance with the PCAOB standards and/or internal audit
experience on clients that are subject to SOX compliance.
- Strong knowledge of General Information Technology controls
(GITCs) across multiple IT platforms, including, but not limited to
Windows and UNIX operating systems, SQL Server, MongoDB,
PostgreSQL, and MySQL databases.
- Deep understanding and working knowledge of SOC 2, SOC 1 and/or
ISAE 3402 methodologies.
- Understanding of cloud computing concepts including PaaS/IaaS
services as they relate to hosting environments such as Azure and
Amazon Web Services and their related controls.
- HIPAA experience.
- Knowledge of ISO/NIST frameworks.
- Security analysis experience on ERPs.
- Identity and Access Management experience.
Candidates should have the following traits and skills:
- Apply concepts of risk assessment and apply professional
- Ability to coach, train and mentor junior staff
- Apply technical knowledge to new scenarios
- Identify and address challenges before they occur
- Not be afraid to fail, resurrect, and fail again until success
- Think strategically about products by understanding
- Embrace conflicting perspectives
- Understand or willing to learn how to operate under a scaled
- Create documentation to be leveraged in negotiation with
internal and external stakeholders such as vendors and quality
- Ability to challenge the status quo, and to identify untapped
opportunities, alternate approaches, and creative solutions to
audit products and solutions
- Confidently lead meetings and / or engage with PPMDs and senior
leaders in the firm
- Work in cross-functional environments with professionals across
Deloitte (non-auditors) and various geographic locations
- Strong project management skills to keep multiple projects
- Strong verbal and written communication skills
Our audits are fueled by more than just technology - what really
sets us apart are our insightful professionals, collaborative
culture, and commitment to innovation and continuous improvement.
Our audit professionals apply a streamlined, intelligent approach
to the audit, enabled by innovative tools and technologies. Quality
is our top priority, and by focusing on innovation, we continue to
raise the bar on quality and deliver greater value to our clients.
Learn more about Deloitte Audit.
Keywords: Deloitte, Harrisburg, Technology Controls Tech Risk Manager, IT / Software / Systems, Harrisburg, Pennsylvania