Full Job Description
Do you have experience in risk management and controls? Are you tech savvy? At Deloitte, we help bring client data to life to enhance the risk assessment process, reveal unexpected patterns and outliers and offer insights. The business world is complex and ever changing and, as a result, Deloitte is helping to redefine audit by infusing our approach with cutting-edge technologies, data analytics and visualizations, and transformative audit delivery models. Lead audit into the future by helping deliver a more dynamic picture to our clients that provides meaningful insights, empowers decision-making, and informs tomorrow’s success.
Work you will do
This position is housed within the Technology Risk Management (TRM) team of the Audit & Assurance (A&A) Products and Solutions group that develops and deploys innovative technology products and solutions to Deloitte’s Audit & Assurance business and its clients. As an Information Technology (IT) Controls Specialist - Senior, you will be responsible for testing and monitoring controls over the technology solutions in multiple IT environments and cloud hosting locations at all stages of application design, development, and deployment. Under the guidance and supervision of an IT Controls Manager or Senior Manager, you will drive quality as part of the software development lifecycle (SDLC) using established risk and control frameworks (such as SOX, Security, Privacy, Confidentiality, Third Party or SOC/ISAE) to ensure that development, hosting, deployment and other risk decisions comply with existing firm policies, professional standards, laws and regulations and other internal and external requirements. You will assist with the creation of consultation memos resulting from subject matter expert or stakeholder collaboration and coordinate the centralized software review and certification process with Deloitte’s National Office. You will collaborate with various groups (e.g., internal IT organization, Deloitte’s vendors and IT service providers) and will be required to understand their roles and responsibilities in the overall IT control structure. Further, you will prepare and/or validate IT control-related aspects of product risk assessments and confidential information management plans, as well as assist other TRM team members with reviewing functional and nonfunctional requirements (i.e., user stories and acceptance criteria) and testing scripts to ensure alignment with controls requirements.
Our audits are fueled by more than just technology – what really sets us apart are our insightful professionals, collaborative culture, and commitment to innovation and continuous improvement. Our audit professionals apply a streamlined, intelligent approach to the audit, enabled by innovative tools and technologies. Quality is our top priority, and by focusing on innovation, we continue to raise the bar on quality and deliver greater value to our clients. Learn more about Deloitte Audit.
Bachelor’s degree in Computer Engineering, Management Information Systems, or other related degree.
Minimum of 1-2 years of experience in high-performing technology risk organization, or technology risk management professional with some experience working on large and medium-size audits performed in accordance with the PCAOB standards, or internal audit experience on clients or companies that are subject to SOX compliance.
Working knowledge of general Information Technology controls (GITC) across multiple IT platforms, including, but not limited to Windows and UNIX/Linux operating systems, SQL server, MongoDB, PostgreSQL, and MySQL databases.
Basic understanding and working knowledge of SOC 2, SOC 1 or ISAE 3402 methodologies.
Basic understanding of cloud computing concepts, including PaaS/IaaS services and SaaS offerings, as they relate to hosting environments (such as Microsoft Azure and Amazon Web Services) and their related controls.
High level of proficiency in Microsoft Office 365 products, especially Word, PowerPoint, SharePoint, Teams, Power BI and Excel.
Apply concepts of risk assessment and professional skepticism.
Strong project management skills to keep multiple projects organized and deliver results under tight, demanding deadlines for a high-volume of products and releases while maintaining high-quality and precision.
Strong verbal and written communication skills.
Proactive approach and anticipation of potential challenges.
Think strategically about products by gaining thorough understanding of products and processes.
Strong conflict management.
Understand or willing to learn how to operate under a scaled agile framework.
Ability to challenge the status quo, and to identify untapped opportunities, alternate approaches, and creative solutions.
Work in cross-functional environments with professionals across Deloitte (non-auditors) and various geographic locations.
Ability to apply technical audit knowledge to new scenarios.
Experience with Microsoft Azure DevOps.
Experience with Microsoft Azure hosting environment.
Experience with HIPAA, GDPR or other privacy regulations or laws.
ISO/NIST framework knowledge, security analysis experience on ERPs, and identity and access management experience.
How you will grow
At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore Deloitte University, The Leadership Center.
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationsips with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. We also suggest that you brush up on your interviewing skills and practice discussing your experience and job history with a family member, friend, or mentor. Check out recruiting tips from Deloitte professionals.