Senior Information Security, Risk and Governance Analyst
Work you’ll do
You will serve as a Sr. Risk and Controls Analyst within the Technology Risk Management (TRM) program for information security and compliance across US firm technology environments. This position sits in the Information Technology Services (ITS) Cyber Security team. This individual supports and drives continual enhancement of the security compliance and risk management program supporting the security interests of the US firm across all security domains and technology environments. This individual performs risk assessments, analyzes technology and operational risks to the enterprise, identifies control needs and works with the technology owner to drive implementation of appropriate controls to comply with relevant laws, regulations, client commitments and industry standards. Performs deep-dive testing / monitoring of controls according to risk, documents results in GRC tool and escalates identified risk to TRM Management and beyond, as necessary. Works closely with Technology function owners and control performers to educate on control requirements and associated risk of non-compliance. May lead projects in their area of expertise.
Performs technology risk assessments and reports on findings, consults on remediation plans, tracks status, aggregates results and reports to Management.
Performs deep-dive controls testing for high-risk areas for independent validation of issues and remediation efforts.
Provides guidance / education across Technology functions for technology security and compliance requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
Provides guidance for technology processes and procedures to be documented and assists in collecting necessary documentation to facilitate the process.
Provides recommendations for continuous improvements to the risk management process, controls monitoring and TRM program.
Provides notification of updated controls requirements to technology functions due to regulatory and firm policy updates.
Performs other job-related duties as assigned.
Members of our ITS team work behind the scenes, but are essential to the Deloitte organization. Our ITS team develops custom enterprise applications and provides IT infrastructure support to clients to ensure that they sustain a competitive advantage and stay ahead of the innovation curve. Our team has the analytical skills needed to parse mountains of data, the technical proficiency required to deliver custom solutions, and stellar communications skills needed to present research, discovery, and recommendations in logical and easily understandable ways.
Bachelor’s degree in Computer Science, Business Administration or equivalent educational or professional experience and/or qualifications. An advanced degree is also preferred.
3+ years of experience with information technology security programs, audits, controls, assessments, risk assessments, or remediation management
Demonstrated proficiency in Security and Compliance, Regulatory Requirements (SOC 2, ISO 27001, NIST 800-53, PCAOB, CSA, etc.) and / or Risk Management programs / performing risk assessments
Requires CISSP, CISA, CISM or other applicable certification or willingness to obtain within 1-2 years
Strong communication, report writing and presentation skills
Ability to work independently and cross-functionally
Excellent time management and related organizational skills including appropriate sense of urgency and a proactive approach