Technology Risk Senior Analyst, Deloitte Global Risk


Date: Jun 23, 2022

Location: Toronto, Ontario, Canada

Company: Deloitte

Job Type: Permanent 
Primary Location: Toronto, Ontario, Canada 

Our Purpose

 

At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge. Purpose defines who we are and gives us reason to exist as an organization.

By living our Purpose, we will make an impact that matters.

  • Learn from deep subject matter experts through mentoring and on-the-job coaching.
  • Leverage the Deloitte CPA Advantage program, a comprehensive support program for CPA modules and the CFE.
  • Be encouraged to deepen your technical skills…whatever those may be.
  • Build your leadership skills at Deloitte University.
  • Have many careers in one Firm.
  • Partner with clients to solve their most complex problems.
  • Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness.
  • Enjoy My Benefit Dollars - a flexible benefit to support your physical, financial and emotional well-being.
  • Experience a firm where wellness matters.
  • Experience MyFlex and an agile work environment where work is what you do, not where you do it.
  • Experience MyFlex where reduced hours or seasonal work allows you to meet your personal goals.
  • Build a network of colleagues for life.
  • Have an impact that matters through pro bono and significant volunteer opportunities.
  • Be empowered to lead and have impact with clients, our communities and in the office.
  • Be expected to share your ideas and to make them a reality.
  • Be part of a firm that leads the way and pushes itself to look like contemporary Canada.
  • Grow your network and your knowledge by joining one of our many Employee Resource Groups.

 

 

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting edge products and services that deliver outstanding value and that are global in vision and scope? Work with premier thought leaders in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

What will your typical day look like?

 

Strategic

  • Aligns with the firm’s technology risk management strategy and with leadership, and actively contributes to the development of best practices to be used by the broader team, based on research and industry best practices in regulatory and risk governance matters.
  • Stays up to date and gains awareness of global security policies, standards, and controls, the current technology landscape, as well as new and emerging technologies being deployed and their impact on client, regulator and member firm risk responses.
  • Demonstrates and encourages an agile mindset to enable effective IT risk management while driving adaptability to ongoing changes to risks, regulations, and stakeholder expectations.

 

Operational

  • Fulfill member firm and client, regulatory and audit-related information security requests as assigned through the combination of global central service and a global delivery team.
  • Responsible for identifying, gathering and pre-populating responses to questions/inquiries using one or more Standard Answer Banks (SABs).
  • Responsible for selecting relevant and valid security and assurance statements according to the specific inquiry and submitting these to the respective Client Security Lead.
  • Responsible for ensuring the quality and consistency of the work of Junior Analysts (where applicable).
  • Responsible for identifying the remaining questions that cannot be pre-populated by Junior Analysts (where applicable) and whether consultation is needed with the Client Security Lead.
  • Responsible for assigning and planning tasks to a team of Junior Analysts (where applicable).
  • Connecting with the Client Security Leads/Subject Matter Experts to improve delivery quality.
  • Responsible for highlighting issues found in the Standard Answer Banks (SABs) and illustrating where changes are necessary.
  • SAB maintenance (e.g., following up with owners on expired answers and if they need updating).
  • Support the Technology Risk Manager in activities related to information security inquiries, including:
      • Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits; and
      • Gathering data and refinement activities using the global delivery team.
  • Support the Technology Risk Manager for the monitoring of audits and certifications:
      • Assist with monitoring and providing input on the planning (scope, timing, etc.) of audits and certifications to align with anticipated needs of clients, regulators and MFs; and
      • Assist with managing the completion of audit and certification coordination activities (scoping, data and evidence gathering, refinement, etc.) and facilitate staff as they analyze and evaluate various requests.
  • Demonstrate and apply strong project management skills, inspire teamwork and responsibility with team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
  • Supports initiatives to educate technology functions on technology risk management requirements according to regulatory requirements, firm policy, data classification, client commitments, etc.
  • Demonstrate and apply a thorough understanding of technology trends to identify issues and communicate this information to the management team through written correspondence and verbal presentations.

 

Relationship Management

  • Builds strong relationships with internal key stakeholders within Global Risk, 2LOD IT Risk, relevant 1LOD TRM and technology teams, member firm client security leads and other Global and member firm SMEs as needed.
  • Maintains regular communication with the management team.

About the team

 

Deloitte Global Culture:

 

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network. In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark. Deloitte Global supports our talented professionals in answering the question: What impact will you make?

 

Global Risk, Regulatory, and Public Policy develops programs, processes, and resources to preserve, protect, and enhance the Deloitte brand around the world. We identify new and emerging risks that might impact the network, mitigate threats as they are identified, proactively engage with regulators and key stakeholders to develop identification and mitigation regulations and procedures, and build a clear voice around select policy topics.

Enough about us, let’s talk about you

 

You are someone with:

 

  • Bachelor’s Degree or higher in business administration, a technology-related field, or equivalent experience.
  • Three to five years of demonstrated experience in applying leading practices in large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
  • Proficient English skills in reading and writing, and the ability to understand nuances. Bilingual English/Spanish a plus.
  • Basic knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management
  • Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF).
  • Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
  • Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments.
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) and senior management.
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders.
  • Effective relationship-building, communication, presentation, and interpersonal skills.
  • High discipline, with strong organizational abilities.
  • Ability to multi-task, prioritize work and work independently.
  • Exceptional level of integrity and customer focus.

 

Our shared values

 

While our Purpose guides us and helps explain why we exist, our shared values describe the behaviour we expect from each other at the firm.

They provide common ground to unite us across cultures and geographies. They help us to earn the trust and respect of our stakeholders. We all commit to living by these shared values, to stay true to the principles they represent, and to honour the legacy from which they came. They are what sets us apart and makes us Deloitte.

 

Every day, we live our Purpose through the following five shared values:

 

  • Lead the way: Deloitte is not only leading the profession, but reinventing it for the future. We’re also committed to creating opportunity and leading the way to a more sustainable world.
     
  • Serve with integrity: Deloitte has earned the trust of employees, clients, regulators, and the public for 175 years. Upholding that trust is our single most important responsibility.
     
  • Take care of each other: We look out for one another and prioritize respect, fairness, development, and well-being.
     
  • Foster inclusion: We are at our best when we foster an inclusive culture and embrace diversity in all forms. We know this attracts top talent, enables innovation, and helps us deliver well-rounded client solutions.
     
  • Collaborate for measurable impact: We approach our work with a collaborative mindset, teaming across businesses, geographies, and skill sets to deliver tangible, measurable, attributable impact.



The next step is yours
 

Sound like The One Firm. For You? 
 

At Deloitte, we are all about doing business inclusively – that starts with having diverse colleagues of all abilities. Deloitte encourages applications from all qualified candidates who represent the full diversity of communities across Canada. This includes, but is not limited to, people with disabilities, candidates from Indigenous communities, and candidates from the Black community in support of living our values, creating a culture of Diversity, Equity and Inclusion and our commitment to our AccessAbility Action Plan, Reconciliation Action Plan and the BlackNorth Initiative.

We encourage you to connect with us at accessiblecareers@deloitte.ca if you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations). We’d love to hear from you!

By applying to this job you will be assessed against the Deloitte Global Talent Standards. We’ve designed these standards to provide our clients with a consistent and exceptional Deloitte experience globally.
Deloitte Canada has 30 offices with representation across most of the country. We acknowledge that our offices reside on traditional, treaty and unceded territories as part of Turtle Island, which is still home to many First Nations, Métis, and Inuit peoples. We are all Treaty people.


Job Segment: Information Security, Compliance, Cyber Security, Information Systems, Public Policy, Technology, Legal, Security