Deloitte Advisory Manager in Cleveland, Ohio
Deloitte & Touche LLP seeks a Advisory Manager in Cleveland, OH.
Work You'll Do
Play lead role in engagement planning, economics, and billing, quality review management efforts. Demonstrate a general knowledge of market trends and competitor activities and assist in retention of professionals. Organize and manage Roundtable events for the financial services clients to share industry insights / trends and perspectives on key regulatory requirements. Provide updates and engage in executive communications to C-Suite level clients. Manage/Lead development efforts for requests for proposals, requests for information and to contribute in sales initiatives. Identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement. Assist in the selection and tailoring of approaches, methods, and tools to support service offerings or industry projects. Use technology-based tools or methodologies to review, design, and/or implement products and services. Construct and assess high-level and detailed security programs translating business needs and regulatory requirements into cost effective and risk appropriate controls. Identify opportunities to improve engagement profitability. Understand clients' business environment and basic risk management approaches. Manage information security strategies and plans based upon generally accepted security standards. Utilize knowledge of business processes, internal control risk management, IT controls, business and information technology management processes, and market trends on client engagements. Manage development of program guidance documents such as third party risk management policies, procedures and standards. Build and nurture strong client relationships. Generate innovative ideas and participate in decision making with engagement management.
Bachelor's (or higher) degree in Computer Science, Information Systems, Computer Engineering, or related field (willing to accept foreign education equivalent).
Five years of cyber risk experience.
Experience must include five years of:
Assisting clients in transforming third-party risk and cyber security programs to meet strategic business goals, industry leading practices, and compliance and regulatory requirements;
Identifying potential cyber threats for clients in the Financial Services and Consumer Products industry and developing a risk-driven prioritized roadmap to improve overall cyber security maturity;
Designing, implementing, and executing third party frameworks, operating models, implementation strategy, policies, standards, procedures, and assessment templates to support the third party risk management (TPRM) program in accordance with U.S. and global regulations, including New York State Department of Financial Services (NY DFS), National Institute of Standards and Technology (NIST) and Federal Financial Institutions Examination Council (FFIEC), Office of the Comptroller of the Currency (OCC), and ISO 27001/2 requirements;
Conducting cybersecurity maturity assessments, utilizing NIST CSF, NIST 800-53, FFIEC, OCC, and ISO requirements;
Designing and implementing risk tiering methodologies for inherent and residual risk, risk assessment questionnaires based on industry standards, third party issues management framework, key risk and performance indicators, and risk reporting strategies for executive and program levels;
Performing cybersecurity and third party assessments by conducting technical interviews with senior client leadership, identifying gaps in the control environment, developing remediation recommendations, performing quality checks, and designing prioritized roadmaps focused on security and operational enhancements;
Building training modules, developing training materials, and conducting client workshops to provide businesses and risk functions an overview of third parties and associated risks, end-to-end TPRM process, and high-level roles and responsibilities;
Developing business requirements for tools to support cyber security and application security implementation programs; and
Mentoring and coaching junior team members.
In the alternative, the employer is willing to accept a Master's degree and three years of experience as stated above.
Position requires 80% travel.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.