Risk & Financial Advisory - Manager - Third Party Risk
Risk & Financial Advisory - Manager - Third Party Risk Management
Unanticipated risks have great consequences for clients. That's especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models. Deloitte Risk and Financial Advisory's Hybrid-Operate teams deliver next-generation managed services and advanced technology products to help organizations solve complex problems on a long-term basis. Teams do this by bringing together advanced analytics, robust domain knowledge and experience, and strong technology products to help clients monitor, manage, and measure their operational environment for risk.
Given the ever-increasing size and complexity of third party ecosystems, our clients are increasingly leveraging our firm's expertise to implement and operate a wide variety of Third Party Risk Management (TPRM) solutions designed to mitigate risks and drive more value in third party relationships. If you are seeking a role that offers exposure to these clients, Deloitte Risk and Financial Advisory's Cyber practice may be the place for you.
The work you perform will help you develop an understanding of:
the different third-party relationships an organization may have across different industries;
the drivers which affect behaviors of business partners, suppliers and customers; and
the operational processes and controls required by an organization to effectively manage and monitor its third-party relationships.
As a Manager, the role will offer you excellent potential for:
Playing a lead role in designated tasks of the project team in gathering, organizing and analyzing data
Making major contributions in assuring products/deliverables meet contract/work plan
Strong potential for growth and acceptance of additional responsibilities
Work you will do
Lead multiple engagements in the delivery of third party risk assessment services, which include, but are not limited to, assessment execution, stakeholder management, risk reporting and process optimization, leveraging available tools
Advise and assist clients in developing their third party risk management programs, such as risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
Support the design and implementation of third-party risk operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks
Design policies and procedures that support the successful implementation of TPRM operating models
Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements
Consider the application of legal and regulatory requirements to the company's risk management practices
Design technology enhancement requirements to support third-party risk management processes
Track and communicate engagement performance and planning to Deloitte engagement management, ensuring project milestones remain on track and are completed on time
Actively mentor and train team members on Third Party Risk Management processes, governance, and frameworks
Work cross-functionally with team members to support and drive a collaborative team environment
Create and design effective presentations as a means for communicating project and deliverable progress to clients
Perform sophisticated data analyses to understand the client's business and identify risk
Execute advanced services and supervise staff in delivering basic services
Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
Understand the client's business environment and basic risk management approaches
Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche's products and service lines
Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
Generate innovative ideas and challenge the status quo
Build and nurture positive working relationships with clients with the intention to exceed client expectations
Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
Identify opportunities to improve engagement profitability
The successful Manager will demonstrate the following attributes:
Ability to adopt a pragmatic approach to dealing with situations where confidentiality is important or where our work is of a sensitive nature
Independent thinker and resourceful problem solver with an ability to exercise mature judgment
Takes ownership and drives toward a successful outcome
Can see the big picture and naturally looks for what other client problems the team can solve
Ability to work independently and in teams to manage multiple task assignments
Strong oral and written communication skills, including presentation, interpersonal communication, and facilitation skills
Brings a genuine approach to day-to-day dealings that includes the highest ethical standard
Ability to manage multiple partners including external team
Ability to manage multiple stakeholders and maintain professional relationships
Acting as a leader in a team environment
Required Qualifications:
Bachelor's degree in information technology, math, business, cyber security, computer science, data analytics or related field
5+ yrs of relevant experience in information security
Working knowledge and understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
Demonstrate knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk
Demonstrate knowledge in one or more of the following cyber risk domains, including:
Security Governance and Management
Security Policies and Procedures
Application Security Controls
Access Controls
Network Security Operations
Security Architectures
Identity Management
Disaster Recovery & Business Continuity
Incident Response
Risk Management
Privacy and Data Protection
Encryption
Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
Ability to travel up to 50% (While up to 50% travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
Preferred Qualifications:
Degree in Math, Business, Cyber Security, Computer Science, Data Analytics or related field
CISSP/CISA (or equivalent)
Experience with information security audit or assessments
3+ years of project management experience on mid to complex projects required
Good understanding of legal and regulatory requirements around information security and data privacy, such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.
Prior consulting experience
Experience with internal controls, risk assessments, business process, and internal IT control testing or operational auditing
The team
The Deloitte Advisory Third-Party Risk Management (TPRM) team, part of our Cyber Risk Services, works with some of the largest organizations in the world, across a variety of industries, to assist organizations in the development and operation of TPRM programs. Our client list includes eminent organizations across industries, e.g. technology, mining, media, pharmaceuticals, oil and gas, public sector and charities.
Our TPRM portfolio of services includes a broad variety of solutions for our clients, including designing and implementing broad third-party governance and risk management frameworks/processes, developing third-party risk and control assessments, and implementing managed services to improve/enhance an organization's TPRM program.