Deloitte Jobs

Job Information

Deloitte Cyber Strategy - Third Party Risk Management Senior Solution Delivery Lead in San Francisco, California

Third Party Risk Management - Senior Solution Delivery Lead

When you join the Deloitte Advisory Third-Party Risk Management (TPRM) practice, you will see how we work with some of the largest organizations in the world, across a variety of industries, to assist organizations in the development and operation of TPRM programs. Our client list includes eminent organizations across industries, e.g., technology, mining, media, pharmaceuticals, oil and gas, public sector and charities.

Work you will do

  • Perform ongoing third-party cyber risk assessments to help clients identify and evaluate complex business and technology risks related to their third parties.

  • Comply with delivery SLA's and provide periodic status updates including potential risks and delays to the project delivery to project manager.

  • Perform validation of sub-controls with third parties as per the validation process set by Deloitte and generate the final report in English language.

  • For the purposes of this job description, the scope of assessments is limited to English language only.

The team

Deloitte Advisory's Cyber Risk Services team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. With deep experience across a broad range of industries, Deloitte Advisory's Cyber Risk Services professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to transform legacy programs into proactive Secure, Vigilant, Resilient cyber risk programs. By joining our team, you will be part of developing the future state of cyber risk solutions. Learn more about our Cyber Risk Services practice .

Qualifications and experience


  • Overall 7+ years of relevant experience in information security

  • Working knowledge and understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)

  • Demonstrate knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk

  • Demonstrate knowledge in one or more of the following cyber risk domains, including:

  • Security Governance and Management

  • Security Policies and Procedures

  • Application Security Controls

  • Access Controls

  • Network Security Operations

  • Security Architectures

  • Identity Management

  • Disaster Recovery & Business Continuity

  • Incident Response

  • Risk Management

  • Privacy and Data Protection

  • Encryption

  • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing

  • Experience in designing third party risk programs and frameworks

  • Experience with developing requirements for TPRM tools

  • Experience building and managing a third-party risk assessment platform

  • BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology

  • Limited immigration sponsorship may be available

  • Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve

  • Information for applicants with a need for accommodation:

  • Candidates must be at least 18 years of age at the time of employment


  • CISSP/CISA (or equivalent)

  • Experience with information security audit or assessments

  • Good understanding of legal and regulatory requirements around information security and data privacy, such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.

  • Prior consulting experience

  • Experience with internal controls, risk assessments, business process, and internal IT control testing or operational auditing

  • Excellent verbal and written communication skills

  • Excellent inter-personal skills

    For individuals assigned and/or hired to work in California, Deloitte is required by law to include a reasonable estimate of the compensation range for this role. This compensation range is specific to California and takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $107,662 - 179,437.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any depends on various factors, including, without limitation, individual and organizational performance.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.