Audit and Assurance Products & Solutions: Technology Risk and Controls – Advisory

Deloitte - Tampa, FL

Full-time
Estimated: $91,000 - $120,000 a year

Do you have experience in risk management? At Deloitte, we help bring client data to life to enhance the risk assessment process, reveal unexpected patterns and outliers and offer insights. The business world is complex and ever changing and, as a result, Deloitte is helping to redefine audit by infusing our approach with cutting-edge technologies, data analytics and visualizations, and transformative audit delivery models. Lead audit into the future by helping deliver a more dynamic picture to our clients that provides meaningful insights, empowers decision-making, and informs tomorrow’s success.

Work you’ll do
As Technology Risk and Controls Manager - Advisory within our Audit and Assurance Products & Solutions group, you will be responsible for leading control considerations related to multiple risk environments based on an integrated controls framework (e.g., Security, Confidentiality, Third Party Access, etc.) at all stages of application design, development and deployment. Work with various stakeholder parties (e.g., internal information technology organization, vendors and information technology service providers) in the design and operations of the control environment. This individual will be working on designing, implementing and monitoring controls related to the global Deloitte Audit Products and Solutions organization. You will also implement Technology Risk and Controls (TRC) requirements of various audit and assurance products and solutions within a particular product portfolio. Under the guidance of TRC Portfolio leadership, the professional will have primary responsibility to drive quality as part of the software development lifecycle (SDLC) based on the TRC milestones and will be responsible for compliance with the TRC controls roadmap. You will work closely with the Professional Practice Network (PPN), Controls over Audit Tools Leader, Office of Confidentiality & Privacy, ITS, Office of General Counsel, Regulatory, Global Risk & Compliance and other leadership as needed to ensure that development, hosting, deployment and other risk decisions comply with existing firm policies, professional standards, laws and regulations and other internal and external requirements.

Responsibilities include:
Attending sprint review sessions and providing guidance to product teams in the design of application layer controls.

in leading the creation of user stories (i.e., business and functional requirements) for legal holds and production requests, data retention and archival, and other TRC requirements in co-ordination with product owners

Reviewing alignment of business requirements, functional requirements and UAT scripts

Assisting the product owner on establishing a prudent UAT strategy, formulating UAT approach and reviewing the UAT scripts

Owning completion of Risk Acceptance Frameworks (RAFs), Confidential Information Management Plans (CIMP) and software quality review packages including co-ordination with National Office, when needed

Escalating risks identified related to software development to the TRC portfolio leadership

Understanding or willing to learn how to operate under a scaled agile framework

Capability of creating documentation to be leveraged in negotiation with internal and external stakeholders such as vendors and quality inspections

The team
Our audits are fueled by more than just technology – what really sets us apart are our insightful professionals, collaborative culture, and commitment to innovation and continuous improvement. Our audit professionals apply a streamlined, intelligent approach to the audit, enabled by innovative tools and technologies. Quality is our top priority, and by focusing on innovation, we continue to raise the bar on quality and deliver greater value to our clients. Learn more about Deloitte Audit.

How you’ll grow
At Deloitte, we believe in professional development and helping our people grow. We offer learning opportunities to help you sharpen your skills in addition to hands-on experience in the global, fast-changing business world. We support the development of leadership and technical skills through leading-edge learning development solutions. Explore Deloitte University, The Leadership Center.


Experience requirements:
An experienced high-performing technology risk management or advisory professional with extensive experience working on large and medium-size audits performed in accordance with the PCAOB standards or detailed experience in building technology products for an audit or other regulated stakeholder group.

Strong knowledge of General Information Technology controls (GITCs) across multiple IT platforms, including, but not limited to Windows and UNIX operating systems, SQL server, MongoDB, MySQL, SAP HANA and Oracle databases.

Deep understanding and working knowledge of SOC 2, SOC 1 and/or ISAE 3402 methodologies and understanding of cloud computing and related controls.

Extensive experience working on large and medium-size external audits performed in accordance with PCAOB standards and/or internal audit experience on clients that are subject to SOX compliance.

Additional beneficial qualifications: HIPAA experience, ISO/NIST framework knowledge, security analysis experience on ERPs, identity and access management experience.

Familiarity with Azure IaaS and PaaS control considerations is a plus.

Strong technical skill and familiarity with embedding controls within an agile Software Development Lifecycle.

Candidates should have the following traits and skills:
Ability to challenge the status quo, and to identify untapped opportunities, alternate approaches, and creative solutions to audit products and solutions.

Reasonable familiarity with other audit or other regulatory technology applications.

Strong project management skills to keep multiple projects organized

Strong verbal and written communication skills

Working knowledge or ability to learn Audit Methodology elements needed to understand and use as needed

Solve problems creatively

Apply technical audit knowledge to new scenarios

Identify and address challenges before they occur

Embrace conflicting perspectives

Confidently engage with senior leaders in the firm

Work in cross-functional environments with professionals across Deloitte (non-auditors) and various geographic locations

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.

Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. We also suggest that you brush up on your interviewing skills and practice discussing your experience and job history with a family member, friend, or mentor. Check out recruiting tips from Deloitte professionals.

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.