Deloitte leads with purpose,solving complex issues for our clients and communities. Across disciplines andacross borders, Deloitte Global supports our network of member firms bydeveloping and driving global strategy, programs, and platforms, and creatingnew solutions and transformational experiences. Our people share a passion forigniting change and a strong service orientation that shapes our organizationand those it supports.
Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with premier thought leaders in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?
Want to make an impact that matters? Consider Deloitte Global.
Work you'll do:
This position is housed within the Technology Risk Management (TRM) team of the Audit & Assurance (A&A) Products and Solutions group that develops and deploys innovative technology products and solutions to Deloitte's Audit & Assurance business and its clients. As an
Information Technology (IT) Controls Specialist - Senior
, you will be responsible for testing and monitoring controls over the technology solutions in multiple IT environments and cloud hosting locations at all stages of application design, development, and deployment. Under the guidance and supervision of an IT Controls Manager or Senior Manager, you will drive quality as part of the software development lifecycle (SDLC) using established risk and control frameworks (such as SOX, Security, Privacy, Confidentiality, Third Party or SOC/ISAE) to ensure that development, hosting, deployment and other risk decisions comply with existing firm policies, professional standards, laws and regulations and other internal and external requirements. You will assist with the creation of consultation memos resulting from subject matter expert or stakeholder collaboration and coordinate the centralized software review and certification process with Deloitte's National Office. You will collaborate with various groups (e.g., internal IT organization, Deloitte's vendors and IT service providers) and will be required to understand their roles and responsibilities in the overall IT control structure. Further, you will prepare and/or validate IT control-related aspects of product risk assessments and confidential information management plans, as well as assist other TRM team members with reviewing functional and nonfunctional requirements (i.e., user stories and acceptance criteria) and testing scripts to ensure alignment with controls requirements.
What you'll be part of - our Deloitte Global Culture:
At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.
Deloitte Global supports our talented professionals in answering the question: What impact will you make?
How you'll grow:
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.
Benefits you'll receive:
Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do — that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.
Candidates should have the following competencies and skills:
- Bachelor's degree in Computer Engineering, Management Information Systems, or other related degree.
- Minimum of 1-2 years of experience in high-performing technology risk organization, or technology risk management professional with some experience working on large and medium-size audits performed in accordance with the PCAOB standards, or internal audit experience on clients or companies that are subject to SOX compliance.
- Working knowledge of general Information Technology controls (GITC) across multiple IT platforms, including, but not limited to Windows and UNIX/Linux operating systems, SQL server, MongoDB, PostgreSQL, and MySQL databases.
- Basic understanding and working knowledge of SOC 2, SOC 1 or ISAE 3402 methodologies.
- Basic understanding of cloud computing concepts, including PaaS/IaaS services and SaaS offerings, as they relate to hosting environments (such as Microsoft Azure and Amazon Web Services) and their related controls.
- High level of proficiency in Microsoft Office 365 products, especially Word, PowerPoint, SharePoint, Teams, Power BI and Excel.
- Apply concepts of risk assessment and professional skepticism.
- Strong project management skills to keep multiple projects organized and deliver results under tight, demanding deadlines for a high-volume of products and releases while maintaining high-quality and precision.
- Strong verbal and written communication skills.
- Proactive approach and anticipation of potential challenges.
- Think strategically about products by gaining thorough understanding of products and processes.
- Strong conflict management.
- Understand or willing to learn how to operate under a scaled agile framework.
- Ability to challenge the status quo, and to identify untapped opportunities, alternate approaches, and creative solutions.
- Work in cross-functional environments with professionals across Deloitte (non-auditors) and various geographic locations.
- Ability to apply technical audit knowledge to new scenarios.
- Experience with Microsoft Azure DevOps.
- Experience with Microsoft Azure hosting environment.
- Experience with HIPAA, GDPR or other privacy regulations or laws.
- ISO/NIST framework knowledge, security analysis experience on ERPs, and identity and access management experience.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com
Requisition code: D74229
Apply on company website