Third Party Risk - Controls Tester Senior Consultant
Location: Tucson, Arizona
Internal Number: 15762931
Risk & Financial Advisory Senior Consultant- Third Party Risk Management
Unanticipated risks have great consequences for clients. That's especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models. Deloitte Risk and Financial Advisory's Hybrid-Operate teams deliver next-generation managed services and advanced technology products to help organizations solve complex problems on a long-term basis. Teams do this by bringing together advanced analytics, robust domain knowledge and experience, and strong technology products to help clients monitor, manage, and measure their operational environment for risk.
Given the ever-increasing size and complexity of third party ecosystems, our clients are increasing leveraging our firm's expertise to implement and operate a wide variety of Third Party Risk Management (TPRM) solutions designed to mitigate risks and drive more value in third party relationships. If you are seeking a role that offers exposure to these clients, Deloitte Risk and Financial Advisory's Cyber practice may be the place for you.
The work you perform will help you develop an understanding of:
the different third-party relationships an organization may have across different industries
the drivers which affect behaviors of business partners, suppliers and customers; and
the operational processes and controls required by an organization to effectively manage and monitor its third-party relationships.
Work you will do
Perform ongoing third-party cyber risk assessments to help clients identify and evaluate complex business and technology risks related to their third parties.
Comply with delivery SLA's and provide periodic status updates including potential risks and delays to the project delivery to project manager.
Perform validation of sub-controls with third parties as per the validation process set by Deloitte and generate the final report in English language.
The successful Senior Consultant will demonstrate the following attributes:
Excellent verbal and written communication skills
Excellent inter-personal skills
Independent thinker and resourceful problem solver with an ability to exercise mature judgment
Takes ownership and drives toward a successful outcome
Can see the big picture and naturally looks for what other client problems the team can solve
Ability to work independently and in teams to manage multiple task assignments
Brings a genuine approach to day-to-day dealings that includes the highest ethical standard
Acting as a leader in a team environment
3+ yrs of relevant experience in information security
Working knowledge and understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
Demonstrate knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk
Demonstrate knowledge in one or more of the following cyber risk domains, including:
Security Governance and Management
Security Policies and Procedures
Application Security Controls
Network Security Operations
Disaster Recovery & Business Continuity
Privacy and Data Protection
Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
Ability to travel up to 50% (While up to 50% travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
Degree in Math, Business, Cyber Security, Computer Science, Data Analytics or related field
CISSP/CISA (or equivalent)
Experience with information security audit or assessments
Good understanding of legal and regulatory requirements around information security and data privacy, such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.
Prior consulting experience
Experience with internal controls, risk assessments, business process, and internal IT control testing or operational auditing
The team The Deloitte Advisory Third-Party Risk Management (TPRM) team, part of our Cyber Risk Services, works with some of the largest organizations in the world, across a variety of industries, to assist organizations in the development and operation of TPRM programs. Our client list includes eminent organizations across industries, e.g. technology, mining, media, pharmaceuticals, oil and gas, public sector and charities.
Our TPRM portfolios of services includes a broad variety of solutions for our clients, including designing and implementing broad third-party governance and risk management frameworks/processes, developing third-party risk and control assessments, and implementing managed services to improve/enhance an organization's TPRM program.
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits.Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Deloitte is led by a purpose: to make an impact that matters. This purpose... defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to.