As part of the GRC ITRM Risk Management and Operations Team, you will collaborate within a dedicated group to deliver technology and cyber security risk assessments, as well as drive risk management processes effectively. Extensive use of the ServiceNow Integrated Risk Management (IRM) modules to support the Control issue management across Deloitte Technology. Additionally, manage risk library on ServiceNow IRM, drive risk assessment processes and support DT Risk Champions and Risk owners in completing annual risk assessments

• Lead IT organizational maturity development of risk management leveraging Global and DT standards, Maturity Assessment, and Compliance activity

• Lead Cybersecurity domain to Collaborate with Service Area Risk Champions to identify, assess, and manage technology risks within their respective business areas, while actively promoting a strong risk culture

• Develop risk management elements, including automation of test and assessment processes to increase validation of other ITRM activity e.g control testing across DT

• Support the Risk Assessments and Tooling to utilize the full functionality of ServiceNow Integrated Risk Management (IRM) to deliver risk management

• Lead and Execute processes that ensure risk considerations are integrated into the introduction of strategic initiatives and significant program changes

• Support IT Risk Management processes within 3 Lines model

• Lead and support Technology Organization wide Risk assessment with various subject matter experts

• Manage the completion of various risk assessment programs to support risk appetite and the identification of control enhancements in end-to-end processes. Recommend remediation actions and share insights and best practices with Deloitte Technology and (where applicable) Global Lines of Business’ Technology as a proactive measure to reduce the likelihood and impact of future risk events

• Lead IT Risk Assurances and Track first line of defense (1LoD) remediation progress and how this impacts the risk levels and overall risk appetite of DT

• Work with Leadership to Transform requirements embedded into policies, standards and regulations into defined, testable controls that underpins Risk Management and Assurance.

• Responsible for developing deep expertise in multiple risk domains and associated risk controls, ensuring a robust risk management framework across critical technology areas.

• Develop advanced expertise in at least three critical risk domains relevant to our technology environment. such as Cloud Deployment Risks, Artificial Intelligence (AI) Risks, Data Center Risks, Network Risks, and Identity & Access Risks to ensure effective identification, assessment, and mitigation of emerging threats.

• Contribute to the management of the annual Top risk Assessment for DT and have expertise in Enterprise Risk Framework.

• Assist in maintaining a meaningful Risk Library for Technology risks.

Experience: 10-13yrs

Hiring Location: Hyderabad

Work Timings: 12:30 to 9:30 pm IST

The team

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Required Education, Qualifications, and Experience Settings:

• Demonstrated background in risk management with proven experience in global facing Roles.

• Proven experience and Capability to support the design of Key performance and Risk indicators as metrics that underpin IT Risk Management Objectives.

• Hands-on experience with IT risk tools (e.g., ServiceNow GRC, Archer, OneTrust, etc.)

• Experience working within an IT risk management, Risk compliance, Risk operations and Assurance, or IT audit teams.

• Subject matter expertise in cloud deployment guardrails, with a strong understanding of cloud-related risks and associated control frameworks.

• Good Relationship Management Skills.

• An understanding of the principles around CMMI, COBIT, ITIL, PMI, Prince2, ISO27001.

• A strong understanding of system development life cycles approaches and concepts (CMMI knowledge an asset)

• IT Operations and Service Management with a strong understanding of ITIL framework or MOF (ITIL certification an asset)

• Diplomatic and persuasive with an ability to handle difficult conversations and confidently manage senior stakeholders.

• Excellent Analytical Skills with strong attention to detail.

• Deloitte IT professional with Global experience

• Detailed knowledge of current Deloitte security policies and technology standards. Relevant industry verifications: such as CISSP, CISA, CISM, CRISC, ISO27032 Lead Cybersecurity Manager

• Ability to influence and persuade at all levels from IT technical staff up to CIOs.

• Be able to build key relationships across the DT function utilising excellent relationship management skills

• Ability to analyze and infer complex data

• Goal-oriented, self-starter and able to work independently with little daily supervision.

• Adaptability to and ability to embrace a wide range of cultures

• Excellent written and oral communication skills