Technology Risk Senior Analyst , Client/Regulator Inquiries & Audit Oversight, Deloitte Global Risk

Job Type:Permanent
Primary Location:Toronto, Ontario, Canada
All Available Locations:Toronto, ON

Our Purpose

At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge. Purpose defines who we are and gives us reason to exist as an organization.
By living our Purpose, we will make an impact that matters.
Learn from deep subject matter experts through mentoring and on the job coaching
Leverage the Deloitte CPA Advantage program, a comprehensive support program for CPA modules and the CFE.
Be encouraged to deepen your technical skills...whatever those may be.
Build your leadership skills at Deloitte University.
Have many careers in one Firm.
Partner with clients to solve their most complex problems
Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness.
Enjoy My Benefit Dollars - a flexible benefit to support your physical, financial and emotional well-being.
Experience a firm where wellness matters.
Experience MyFlex and an agile work environment where work is what you do not where you do it
Experience MyFlex where reduced hours or seasonal work allows you to meet your personal goals.
Build a network of colleagues for life
Have an impact that matters through pro bono and significant volunteer opportunities.
Be empowered to lead and have impact with clients, our communities and in the office.
Be expected to share your ideas and to make them a reality.
Be part of a firm that leads the way and pushes themselves to look like contemporary Canada.
Grow your network and your knowledge by joining one of our many Employee Resource Groups.



Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cuttingedge products and services that deliver outstanding value and that are global in vision and scope? Work with premier thought leaders in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

What will your typical day look like?

Strategic

• Aligns with the firm's technology risk management strategy and with leadership and actively contribute to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
• Stays up to date and gains awareness of global security policies, standards, and controls, the current technology landscape, as well as new and emerging technologies being deployed and their impact on client, regulator and member firm risk responses.
• Demonstrates and encourages an agile mind set to enable effective IT risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.

Operational

Operational responsibilities of this role will include one or more of the following:

• Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the combination of global central service and a global delivery team.

o Responsible for identifying, gathering and pre-populating responses to questions/inquiries using one or more Standard Answer Banks (SABs).
o Responsible for selecting relevant and valid security and assurance statements according to the specific inquiry and submitting these to the respective Client Security Lead.
o Responsible for ensuring the quality and consistency of the work of Junior Analysts (where applicable).
o Responsible for identifying the remaining questions that cannot be pre-populated by Junior Analysts (where applicable) and whether consultation is needed with the Client Security Lead.
o Responsible for assigning and planning tasks to a team of Junior Analysts (where applicable).
o Connecting with the Client Security Leads/Subject Matter Experts to improve delivery quality.
o Responsible for highlighting issues found in the Standard Answer Banks (SABs) and illustrating where changes are necessary.
o SAB maintenance (e.g., following up with owners on expired answers and if they need updating).
• Support the Technology Risk Manager in activities related to information security inquiries
• Support the Technology Risk Manager for the monitoring of audits and certifications:

About the team

Deloitte Global Culture:

At Deloitte, we expect results. Incredible-tangible-results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network. In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in-with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out-with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark. Deloitte Global supports our talented professionals in answering the question: What impact will you make?

Deloitte Global Risk makes an impact by developing programs, processes and resources to preserve, protect and enhance the Deloitte brand. We identify new and emerging risks that could significantly impact the network, mitigate risks as they occur, proactively engage with regulators and key stakeholders that impact professional services, and build a clear voice around select policy topics around the globe.

Enough about us, let's talk about you

You are someone with:

• Bachelor's Degree or higher in business administration, a technology-related field, or equivalent experience .
• Three to five years demonstrated experience in applying leading practices in a large -scale Information Security, Technology Risk or
• Operational Risk environments, including strategy development and execution, risk and governance experience.
• Proficient English skills in reading and writing, and the ability to understand nuances.
• Basic knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management
• Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF) .
• Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
• Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
• Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
• Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management
• Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
• Effective relationship-building, communication, presentation, and interpersonal skills .
• Highly disciplined, with strong organizational abilities .
• Ability to multi-task, prioritize work and work independently .
• Possess exceptional level of integrity and customer focus .
• Bilingual English and 1 other language French, Spanish, German, or Japanese a plus.
• One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred but equivalent knowledge will be considered

Our shared values

While our Purpose guides us and helps explain why we exist, our shared values describe the behaviour we expect from each other at the firm.
They provide common ground to unite us across cultures and geographies. They help us to earn the trust and respect of our stakeholders. We all commit to living by these shared values, to stay true to the principles they represent, and to honour the legacy from which they came. They are what sets us apart and makes us Deloitte.

Every day, we live our Purpose through the following five shared values:

• Lead the way: Deloitte is not only leading the profession, but reinventing it for the future. We're also committed to creating opportunity and leading the way to a more sustainable world.
  
• Serve with integrity: Deloitte has earned the trust of employees, clients, regulators, and the public for 175 years. Upholding that trust is our single most important responsibility.
  
• Take care of each other: We look out for one another and prioritize respect, fairness, development, and well-being.
  
• Foster inclusion: We are at our best when we foster an inclusive culture and embrace diversity in all forms. We know this attracts top talent, enables innovation, and helps us deliver well-rounded client solutions.
  
• Collaborate for measurable impact: We approach our work with a collaborative mindset, teaming across businesses, geographies, and skill sets to deliver tangible, measurable, attributable impact.

The next step is yours

Sound like The One Firm. For You?

At Deloitte, we are all about doing business inclusively - that starts with having diverse colleagues of all abilities. Deloitte encourages applications from all qualified candidates who represent the full diversity of communities across Canada. This includes, but is not limited to, people with disabilities, candidates from Indigenous communities, and candidates from the Black community in support of living our values, creating a culture of Diversity Equity and Inclusion and our commitment to our AccessAbility Action Plan , Reconciliation Action Plan and the BlackNorth Initiative .
We encourage you to connect with us at accessiblecareers@deloitte.ca if you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations). We'd love to hear from you!
By applying to this job you will be assessed against the Deloitte Global Talent Standards. We've designed these standards to provide our clients with a consistent and exceptional Deloitte experience globally.
Deloitte Canada has 30 offices with representation across most of the country. We acknowledge our offices reside on traditional, treaty and unceded territories as part of Turtle Island and is still home to many First Nations, Métis, and Inuit peoples. We are all Treaty people.

Job Segment: Compliance, Risk Management, Cyber Security, CPA, Accounting, Legal, Finance, Security

Category

Management and Executive