Cyber - GRC Technical Sr. Consultant, Archer/Bwise
Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Cyber Risk Program Development and Governance services team and support the transition to an executive-led cyber risk program that balances requirements to be secure, vigilant, and resilient in line with the risk appetite of the organization.
Work you'll do
As a GRC Technical Sr. Consultant, you will help organizations develop practical solutions to achieve better visibility over key components of the cyber risk program, leveraging leading vendor GRC platforms or custom-built solutions. Some examples of what you will do include:
• Working with clients to identify target use cases for automation, as well as defining and documenting business and functional requirements for software development.
• Designing programs and processes in a manner that supports automation, including documenting process flows, roles and responsibilities, inputs and outputs, and metrics/scoring.
• Configuring and customizing software applications, including forms, workflows, calculations, integrations, reporting, dashboards, access controls, etc.
• Deploying automated GRC solutions at large and complex organizations.
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. We work across a variety of different risk and compliance programs that extend well beyond Cyber Risk. Learn more about Deloitte Advisory's Cyber Risk Services practice.
Qualifications
• Willingness to learn and work in a disciplined, collaborative professional environment
• Ability to listen to clients, managers, and peers, take strategic direction, and communicate clearly
• 3+ years of work experience in designing and implementing risk management and GRC processes
• 3+ years of work experience in defining business and functional requirements and working with technology teams to support these requirements through automation using GRC software that includes, but is not limited to, Archer, BWise, ServiceNow, or MetricStream.
• 2+ years working to identify and address internal and external client needs, including:
o working collaboratively with senior risk stakeholders (CIO, CRO, CISOs and direct reports);
o building solid, trust-based relationships with client stakeholders;
o developing quality and meaningful deliverables that suit specific client needs;
o communicating with clients in an organized and knowledgeable manner;
o demonstrating flexibility in prioritizing and completing tasks; and
o working collaboratively with the client to identify and solve key constraints, risks and issues
• 3+ years of deploying solutions across the entire Software Development Lifecycle (SDLC)
• 3+ years of hands-on experience designing and configuring GRC platform solutions
• 1+ years competency with regulatory mandates such as GLBA, HIPAA, PCI and SOX & risk management frameworks such as ISO 27001, NIST and/or COBIT
• Competency with IT GRC tool
• Must be willing to travel up to 80% within North America
• BA/BS Degree in Computer Science, Cyber Security, Information Security, Engineering, Information Technology, Finance, Business
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
Preferred:
• Previous Consulting or Big 4 experience preferred
• Certifications on GRC software platforms
• Certifications such as CISSP, CISM, or CISA a plus
As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available. https://www2.deloitte.com/us/en/pages/careers/articles/ban-the-box-notices.html
Requisition code: EY20NATESC-GRC64