Work you’ll do:
The Risk & Compliance AVP provides strategic and tactical guidance and solutions to technology Risk & Compliance areas, with a specific focus on Offshore Delivery Centers (ODCs). This position is specifically responsible for end-to-end client ODC setups, client audits & assessments, and the ODC assurance program. This role will interact with executives within Deloitte as well as functional leaders, legal, risk and regulatory leaders, Business Information Security Officers, external and internal auditors, regulators, clients and prospective clients.
In this role, you will:
- Clearly understand the technology and operational risk to the client ODCs, as well as related laws, regulations, and industry standards, specifically as related to audits and assessments.
- Partner with the appropriate leadership within Cyber Security, Office of General Counsel, Risk Management, and engagement leaders, including senior partners, to determine various strategies and tactics for programs as defined by contracts and regulatory requirements/restrictions/considerations.
- Provide strategic direction on appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet requirements.
- Participate in appropriate opportunities for continuing education, seminars, and field-related professional organizations to remain current on developments in the information security profession.
- Represent Cyber Security Risk & Compliance in internal and external contract reviews.
Deloitte Technology helps power Deloitte’s success. The Deloitte Technology team drives Deloitte, which serves many of the world’s largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~3,000 professionals in Deloitte Technology deliver services including:
- Cyber Security
- Technology Support
- Technology & Infrastructure
- Applications
- Relationship Management
- Strategy & Communications
- Project Management
- Financials
Cyber Security
Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of Risk & Compliance focus include:
- Client ODCs
- Security Contract Reviews
- Vendor Assessments
- Security Awareness
- Audits & Assessments
- Bachelor’s degree in Information Security, Computer Science, or Information Systems.
- Minimum 15 years of related experience, including cybersecurity and/or risk management experience in organizations of a similar scale or client-service experience in the field.
- Minimum 7 years leadership/management experience.
- Master’s degree in Information Security, Computer Science, or Information Systems with a focus in Cyber Security or related field.
- Demonstrated understanding of Deloitte’s Cyber Security Risk & Compliance Vendor assessments and Security Contracts.
- C-level and executive interaction experience; demonstrated experience driving strategy and initiatives with cross-functional executive level stakeholders.
- Ability to frame and communicate security and risk-related concepts to technical and nontechnical audiences at various levels.
- Understanding of and ability to effectively apply trends and developments in the area of global security and risk management.
- Demonstrated ability to drive organizational change and work with multiple business units of an organization to effect change.
- Exceptional verbal and written communication skills. Must be able to interact effectively with professionals at all levels and communicate recommendations with diplomacy and tact.
- Strong understanding of Deloitte Touche Tohmatsu Limited operating environment OR successful experience working in a comparable global professional services organization.
- Professional security certifications such as CISSP, CCISO, GIAC, or CISA.