
JobNob

Your Career. Our Passion.

Manager role IT Risk Management ITRM 10 Years permanent role Hybrid model


Kasmo Technologies Private Limited


Location

Secunderabad | India


Job description

Manager - IT Risk Management (ITRM)
Deloitte Technology's (DT) ITRM service area helps Deloitte to manage the risks generated using IT in an effective, efficient, and agile manner, providing stakeholders assurance that residual risks are operating within the organization's risk appetite.
Service Line: Audit & Certification
Audit & Certification is the single point of coordination for all audit and certification management activities in the first line of defense for Deloitte Technology.
Audit & Certification works closely with other Global and member firm IT stakeholders, leadership, external and internal auditors to manage IT audit and certification processes to demonstrate effective operation of Deloitte controls.
Work you'll do
As a Manager, Audit & Certification you will be responsible for the maintenance of Deloitte Technology (DT) industry standard framework assessments and certifications. You will collaborate with Global and member firm IT groups to demonstrate effective operation of DT controls, via DT IT certifications for operations, security, infrastructure, shared services and applications.
The role is a subject matter expert in information security processes and standards and audit frameworks (e.g., ISO, COBIT, SOC 2).

Key responsibilities include:

• Execute coordination of internal and external audits and assessments, including but not limited to ISO 27001, 27017, 22301 and SOC 2; liaise with external and internal auditors, assist in driving closure of open non-conformities
• Manage and continually improve the DT ISMS (Information Security Management System) and related processes, e.g., IT risk assessment, metrics reports, awareness and compliance to DT policies and standards
• Support leadership meetings, including Management Review, ISMS Security Forum
• Liaise with Cybersecurity, Global Technology Infrastructure (GTI), Portfolio & Solutions (P&S), Global Risk, Internal Audit, global and member firm risk leaders to support compliance of DT ISMS
• Represent Cybersecurity GRC A&C in GTI, P&S initiatives, including standard development, design of compliance programs, and Global Target Operating Model
• Manage independent assessment programs to support the identification of control enhancements in end-to-end processes, recommend remediation actions, and share best practices with DT, member firms
• Work directly with the second line of defense to understand root causes, process deficiencies, and control failures for the non-conformities and bring them to closure using the continual improvement process
• Contribute to, produce and maintain processes, procedures, operational documentation as well as drive continual improvement initiatives to align technology risk posture to Deloitte's risk appetite
• Effective relationship-building, communication, presentation, and interpersonal skills; prepare leadership communication materials, facilitate, document, follow up on open items from meetings and Audits
• Ability to identify and deliver improvement opportunities
• Report breaches in information security or policies
• Leverage available technical resources/tools to research; expand IT risk knowledge to enhance work product, remain up to date on member firm and business hot topics while sharing IT risk knowledge where applicable
• Create metrics reports related to A&C scope, tailored to audience
• Strong planning skills, effectively manage and execute multiple activities with minimal customer disruption and within agreed-upon requirements
• Coach, manage and train team of managers and/or staff personnel as needed
• Build relationships with member firm and DT contacts across all levels
• Foster a diverse and high-performing team with appropriate competencies

Required Education, Qualifications, and Experience:

• Bachelor's degree or equivalent experience
• 10+ years of information security management system audits and compliance certification and/or infrastructure operations experience
• At least 5 years leadership experience in a large global enterprise environment managing teams
• At least 5 years of people management experience, proven leadership and coaching abilities
• Proven track record of managing internal and external audits
• Ability to lead in complex situations that require significant judgment and discretion
• Ability to form long-term, strategic relationships and cultivate a network across Deloitte
• Ability to influence decision-making through high-level data analysis
• Ability to critically analyze results to detect trends, errors, anomalies or conflicts; relate analysis to business strategy and process
• Strong understanding of audit frameworks & technical standards
• Knowledge of significant global security and privacy laws and regulations (e.g., GDPR)
• Excellent verbal and written communication skills
• Effectively prepare presentation and business material, and succinctly document internal processes

Preferred:
• Certification in at least one of the following: ISO 27001 Lead Auditor/Implementer, CISA, CRISC, CISM, CGEIT, CMMI, PMP

