Share these opportunities

Advisory Consultant, Project VSA - Deloitte Global AAPS: Technology Risk and Controls

Apply now

Apply for Job

Date Posted: Dec 7, 2018

Reference Code: 43125-en_US

Service:  Firm-Wide  
Job Type:  Permanent 
Primary Location: Toronto, Ontario, Canada 
All Available Locations: Toronto 

External Posting Description

Do you have experience in risk management and controls? At Deloitte, we help bring client data to life to enhance the risk assessment process, reveal unexpected patterns and outliers and offer insights. The business world is complex and ever changing and, as a result, Deloitte is helping to redefine audit by infusing our approach with cutting-edge technologies, data analytics and visualizations, and transformative audit delivery models. Lead audit into the future by helping deliver a more dynamic picture to our clients that provides meaningful insights, empowers decision-making, and informs tomorrow’s success.

Work you’ll do

As an Audit and Assurance Products & Solutions (‘AAPS’) Technology Risk and Controls Advisory Senior Consultant, you will be responsible for leading control considerations related to multiple risk environments and frameworks (e.g., Security, Confidentiality, Third Party Access, etc.) at all stages of application design, development and deployment within a particular product portfolio. Under the guidance of Technology Risk and Controls (‘TRC’) Portfolio leadership, you will drive quality as part of the software development lifecycle (SDLC) based on the TRC milestones and will be responsible for compliance with the TRC roadmap. 

Responsibilities will include:

  • Escalation of control issues to Portfolio TRC leadership, assisting with the creation of consultation memos with stakeholder(s) and coordinating the centralized software review process over audit tools with National Office.
  • Understanding responsibilities of various parties (e.g., internal Deloitte Information technology organization, Deloitte’s vendors and information technology service providers) and their roles and responsibilities in the overall control structure. 
  • Designing, implementing and monitoring controls related to the Deloitte Audit technology organization.
  • Work closely with the developing Application teams, Professional Practice Network, Controls over Audit Tools Leader, Office of Confidentiality & Privacy, ITS, Office of General Counsel, Regulatory, Global Risk & Compliance and other leadership as needed to ensure that development, hosting, deployment and other risk decisions comply with existing firm policies, professional standards, laws and regulations and other internal and external requirements.
  • Responsible for control related aspects of Risk Acceptance Frameworks (RAFs), Confidential Information Management Plans (CIMP), as well as assisting the other members of the TRC team in reviewing business requirements, functional requirements and UAT scripts to ensure alignment with controls.

The team

Our audits are fueled by more than just technology – what really sets us apart are our insightful professionals, collaborative culture, and commitment to innovation and continuous improvement. Our audit professionals apply a streamlined, intelligent approach to the audit, enabled by innovative tools and technologies. Quality is our top priority, and by focusing on innovation, we continue to raise the bar on quality and deliver greater value to our clients.

External Posting Qualifications

Experience requirements:

An experienced high-performing technology risk or risk management professional with extensive experience working on large and medium-size audits performed in accordance with the PCAOB standards and/or internal audit experience on clients that are subject to SOX compliance. Strong knowledge of General Information Technology controls (GITCs) across multiple IT platforms, including, but not limited to Windows and UNIX operating systems, SQL server, MongoDB, PostgresSQL, and MySQL databases.  Deep understanding and working knowledge of SOC 2, SOC 1 and/or ISAE 3402 methodologies. Understanding of cloud computing concepts including PAAS/IAAS services as they relate to hosting environments such as Azure and Amazon Web Services and their related controls.   Additional beneficial qualifications: HIPAA experience, ISO/NIST framework knowledge, security analysis experience on ERPs, identity and access management experience.  Professional should be able to travel at least 30% of the time.

Candidates should have the following traits and skills:

  • Apply concepts of risk assessment and apply professional skepticism
  • Coach and train Risk and Control (R&C) Advisory Staff
  • Apply technical knowledge to new scenarios
  • Identify and address challenges before they occur
  • Not be afraid to fail, resurrect, and fail again until success is achieved
  • Think strategically about products by understanding roadmap/plan
  • Embrace conflicting perspectives
  • Understand or willing to learn how to operate under a scaled agile framework
  • Create documentation to be leveraged in negotiation with internal and external stakeholders such as vendors and quality inspections
  • Ability to challenge the status quo, and to identify untapped opportunities, alternate approaches, and creative solutions to audit products and solutions
  • Confidently lead meetings and / or engage with PPMDs and senior leaders in the firm
  • Work in cross-functional environments with professionals across Deloitte (non-auditors) and various geographic locations
  • Strong project management skills to keep multiple projects organized
  • Strong verbal and written communication skills

How you’ll grow

At Deloitte, we believe in professional development and helping our people grow. We offer learning opportunities to help you sharpen your skills in addition to hands-on experience in the global, fast-changing business world.  We support the development of leadership and technical skills through leading-edge learning development solutions.


At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits.

Deloitte’s culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives.

Deloitte is an inclusive employer dedicated to building a diverse workforce.  We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective provincial human rights codes throughout all stages of the recruitment and selection process. Please advise the Recruiter to ensure your accessibility needs are accommodated throughout this process.  Information received relating to accommodation will be addressed confidentially.

We thank all applicants in advance for their interest; however, only those candidates selected for an interview will be contacted.

Apply now

Apply for Job

Find similar jobs: