Deloitte Sr. Manager, Information Security, Risk, and Governance in Arlington, Virginia
Deloitte is one of the leading professional services organizations in the United States, specializing in audit, tax, consulting and financial advisory services with clients in more than 20 industries. We provide powerful business solutions to some of the world's most well-known and respected companies, including more than 75 percent of the Fortune 100. At Deloitte, you can have a rewarding career on every level. In addition to challenging and meaningful work, you'll have the chance to give back to your community, make a positive impact on the environment, participate in a range of diversity and inclusion initiatives, and find the support, coaching, and training it takes to advance your career. Our commitment to individual choice lets you customize aspects of your career path, your educational opportunities and your benefits. And our culture of innovation means your ideas on how to improve our business and your clients will be heard.
Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
Serves as a subject matter expert within the Technology Risk Management (TRM) program for security compliance and risk assessment within the Information Technology Services (ITS) Cyber Security team. This individual manages and continually enhances the security compliance and risk management program supporting the security interests of the firm across all primary security domains and technology environments. The Senior Manager works with the Security and Technology teams across the firm to identify appropriate compliance requirements, areas of potential risk, potential cost savings and operational efficiencies that will reduce the overall risks to client and firm data resources. The position is a compliance and risk advisor to Security and Technology teams and focuses on enabling ITS and the business to efficiently and effectively develop and deploy secured and compliant technology solutions. Position will provide work leadership to other employees, as necessary.
Consults on the design and implementation of security processes and controls across all technology environments.
Serves as a subject matter expert on security and compliance requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
Manages and continuously updates an effective risk management program and controls framework across all technology environments.
Develops and reviews / challenges risk assessments and reports on findings, consults on remediation plans, tracks status, aggregates results and reports to Management / Leadership.
Educates Technology and Compliance teams on compliance requirements and provides oversight / review for standard, policy and procedure updates.
Performs deep-dive controls testing for high risk areas for independent validation of issues and remediation efforts.
Provides significant input into the annual strategic planning and budget processes for the Technology Risk Management program and recommendations to Technology functions, as necessary.
Performs other job-related duties as assigned.
Bachelor's degree in Computer Science, Information Technology or equivalent educational or professional experience and/or qualifications. An advanced degree is also preferred.
Industry certification required (e.g., CISA, CISM, CISSP and/or other equivalent licenses/certifications).
Minimum of 10 years of experience in risk management and / or IT governance and compliance.
Advanced proficiency in Security and Compliance, Regulatory Requirements (SOC 2, ISO 27001, NIST 800-53, PCAOB, CSA, etc.)
Excellent communication, listening and facilitation skills
Demonstrated effectiveness working across multiple business units to achieve results.
As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Disclaimer: If you are not reviewing this job posting on our Careers site (careers.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at careers.deloitte.com.
Category: Information Technology