Global Cybersecurity Governance Risk

**This role is open to hire in multiple locations in the United States, Canada and United Kingdom**

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

Work you'll do

The Global Cybersecurity Governance Risk & Compliance, Audit & Certification (A&C) leader is responsible for audit and certification management activities in the first line of defense within DT. This includes internal and external certification and compliance responsibilities, including client mandated ISO 27001 certification and SOC 2 attestation that directly tie to revenue generating work across multiple member firms and geographies. Key responsibilities for the role include:

• Own the DT Information Security Management System (ISMS). Responsible for the maintenance, governance and continuous improvement of DT’s ISO 27001 and 27017 certifications, SOC 2 attestation reports and Member Firm Standards 8 and 4 attestations for DT-as-a-member firm.
• Act as the “face of DT” for internal and external cyber audit activities. Lead, develop and grow team of 11 Cyber professionals supporting the A&C Program
• Enable the production and distribution of clean audit reports to MFs and their clients. Ensure control effectiveness to reduce surprise audit findings.
• Guide, influence and support GTS leadership, member firm IT leaders and Global Businesses in matters relating to DT IT audit and certifications.

Strategic Responsibility

• Define, deliver and continuously improve the audit and certification strategy and roadmap, in alignment with DT, business, member firm and regulatory requirements.
• Proactively collaborate with internal stakeholders to instill a culture of ongoing audit readiness and an effective control environment that support successful audit outcomes and clean audit reports.

Operational /Budgetary Responsibility

• Establish necessary processes and protocols to maintain the DT audit & certification roadmap with IT functions, ensure alignment with internal and external audit requirements.
• Oversee audit fieldwork in progress, manage the interpretation and provision of requested documents and artefacts, ensure proper representation of practices and controls, and coordinate written management responses to audit findings.
• Proactively collaborate on an ongoing basis with MFs, auditors and relevant stakeholders to ensure audit, certifications and client inquiries are completed as efficiently and effectively as possible.
• Actively manage corrective action/progress against non-compliance, opportunities for improvements reported in audits and escalate where necessary.
• Foresee and support the onset of new regulations or newer assurance expectations from MFs, their clients, and regulators (e.g., NIS2, DORA) and discuss with internal stakeholders proactively.
• Provide audit & certification activities for DT by working with IT functions and external and internal auditors to ensure timely scheduling and execution of audits to enable on-time availability of audit reports.
• Effectively and efficiently manage $3.6M budget

Complexity

• The complexity of this role requires the ability to identify, analyze, and execute problems to resolution, handling complex issues simultaneously while effectively communicating across teams, building strong relationships through the organization, and influencing those not in direct line of authority. This role has ownership of decision-making for their area of responsibility within the business unit.
• Deep organizational awareness and ability to navigate the complex DT and Deloitte network and business, to effectively deliver IT certifications that meet business need.
• Ability to proactively research and understand A&C regulatory landscape, best practices, and adjust A&C roadmap as required

Influence and Impact

• This role interacts with and influences DT leadership, MF IT leaders, as well as working effectively with Global Businesses. Ability to identify and influence senior DT leadership, resulting in successful collaboration and outcomes. Maintain effective relationships with DT and MF stakeholders to effectively communicate the audit & certification objectives, coordinate with DT service areas and control owners to ensure controls are designed, implemented and operate effectively.
• Act as point person in providing a consolidated view of audit issues, summary to GRC Leader as needed.
• Interact with IT Leaders in raising awareness and provide guidance on scope of audits and certification activities and implications to front line teams.

Leadership/Talent Development

• This role is responsible for talent strategy and decisions, defining and creating A&C team operating models, resourcing, and performance management. Attract, recruit, coach, reward and retain talent, foster a diverse and high-performing team with the right competencies.
• A&C Lead defines team members’ roles and responsibilities and articulates how they support overall goals and shared purpose. This role creates positive team building activities to allow the A&C to leverage the team to deliver effective solutions and achieve superior performance for the business. This role builds and leads a team by articulating a shared sense of purpose, defining roles, responsibilities, and performance management expectations.

The team

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Qualifications

• Extensive leadership experience in a Global IT Organization
• ISO 27001 and SOC 2 qualifications and experience
• Knowledge of Deloitte beneficial

Our culture

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Professional development

From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Benefits

At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.