Work you'll do
As a GRC Technical Manager, you will help organizations develop practical solutions to achieve better visibility over key components of the cyber risk program, leveraging leading vendor GRC platforms or custom-built solutions. Some examples of what you will do include:
Implementing data classification schemas and assigning assurance levels to information assets.
Performing risk assessments, using risk assessment software or developing risk assessment tools at the enterprise level. Experience performing surveys and inventories across globally distributed organizations, including application, database and policy inventories, a plus.
Performing security and/or privacy gap assessments and producing executive management reports on current practices that expose an organization to privacy and/or security risks. Experience with an organization's privacy and security due diligence efforts when entering into third party relationships or M&A activities a plus.
Defining and deploying risk management and GRC programs at large and complex organizations.
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory's Cyber Risk Services practice.
5+ years of work experience in designing and implementing risk management and GRC processes
5+ years of work experience in defining business and functional requirements and working with technology teams to support these requirements through automation using GRC software that includes, but is not limited to Archer, BWise, OpenPages and Agiliance
5+ years working to identify and address internal and external client needs, including:
o working collaboratively with senior risk stakeholders (CIO, CRO, CISOs and direct reports);
o building solid, trust-based relationships with client stakeholders;
o developing quality and meaningful deliverables that suit specific client needs;
o communicating with clients in an organized and knowledgeable manner;
o demonstrating flexibility in prioritizing and completing tasks; and
o working collaboratively with the client to identify and solve key constraints, risks and issues
5+ years of security, risk and compliance experience.
5+ years of hands-on experience designing and configuring the RSA Archer, Agiliance, or BWise GRC suite of products
3+ years competency with regulatory mandates such as GLBA, HIPAA, PCI and SOX & risk management frameworks such as ISO 27001, NIST and/or COBIT
Competency with IT GRC tool
Must be willing to travel up to 80% within North America
BA/BS Degree in Computer Science, Cyber Security, Information Security, Engineering, Information Technology, Finance, Business
As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available.