Manager, Technology Risk Management (Client/Regulator Inquiries and Audit Oversight) for Deloitte in Hermitage, TN (Estimated: $150,000 - $200,000 a year)

January 23, 2023

  • ISO 27001
  • ISO 27002
  • Leadership
  • Communication skills
  • ServiceNow
  • Bachelor's degree

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.


  • Provides leadership in understanding expectations and responding in a timely manner to information security inquiries from clients, regulators and MFs while being strategic about the extent, timing and nature of information communicated
  • Keep abreast of needs for new global policies, standards, and controls in the context of trends in multinational and local client requests
  • Leadership in anticipating requirements from clients, regulators and MFs and garnering a solid and reliable base of relevant information from a variety of sources proactively, so that we can be responsive to client, regulator and MF inquiries
  • Providing support and subject matter expertise in helping shape our policies and standards to align with client, regulator and MF expectations
  • Performing periodic updates and refining "best practices" for global and local security processes, procedures, and tools to improve automation and efficiencies


  • Provide leadership for the central service that handles responses to global cross border and non-cross border information security inquiries delivered through the combination of a global central shared service and a global delivery team
  • Ensure maintenance of a repository of previously completed information security requests and approved MF responses in standard answers banks, and perform annual reviews to ensure the repository is up to date
  • Ensure that necessary processes and protocols are in place and updated periodically to centralize to the extent possible client, regulator and MF information security inquiries into the global shared service channel
  • Manage rollout of new/updated processes, procedures, and tools that include communication, training, and support
  • Monitor and provide input on the planning (scope, timing, etc.) of audit and certification to align with anticipated needs of clients, regulators and MFs
  • Manage the completion of audit and certification coordination activities (scoping, data and evidence gathering, refinement, etc.) and facilitate staff as they analyze and evaluate various requests
  • Report and escalate risks and issues with deliverables requested by client, regulatory and/or MF audits, and actively follow-up for corrective action/progress against issues reported in audits and escalate where necessary
  • Assist in determining potential risks, understanding forward-looking regulations, identifying high-value audit areas, and providing guidance on audit scope

Relationship Management

  • Maintain effective relationships with various Global Risk, Deloitte Technology and MF stakeholders to effectively communicate the audit objectives and ensure audit, certifications and client's inquiries are completed as efficiently and effectively as possible
  • Proactively collaborate on an ongoing basis with 1LOD TRM in identifying, reporting, and mitigating technology risk issues and providing proactive guidance on scope of audit & certification
  • Liaising between member firms, Deloitte Global resources, and SMEs by creating and fostering strong firmwide relationships that include regular touchpoints
  • Assist in consolidating client inquiries and audit results and engage the relevant 1LOD team for remediation validation testing when issues are resolved

The team

Global Risk develops programs, processes, and resources to preserve, protect, and enhance the Deloitte brand around the world. We identify new and emerging risks that might impact the network, mitigate threats as they are identified and proactively engage key stakeholders to develop identification and mitigation procedures.


  • Bachelor's Degree or higher in business administration, a technology-related field or equivalent experience
  • Eight (8) or more years demonstrated experience in developing and applying leading practices in a large scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
  • Five (5) or more years of people management experience and proven leadership and coaching abilities.
  • Required Skills/abilities
  • Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF)
  • Advanced knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework
  • Advanced knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR)
  • Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security, Technology environments
  • Experience working and liaising with executives (e.g., CIO, CISO, Directors, Principals) senior management
  • Analytical and problem-solving mindset; demonstrated ability to synthesize large amounts of data in short periods of time for consumption by multiple stakeholders
  • Effective relationship-building, communication, presentation, and interpersonal skills
  • Highly disciplined, with strong organizational abilities
  • Ability to multi-task, prioritize work and work independently
  • Possess exceptional level of integrity and customer focus
  • Bilingual English and 1 other language French, Spanish, German, or Japanese a plus
  • One or more of CISA, CIA, CISM, CISSSP, CGEIT, ISO 27001/2 or similar certifications strongly preferred but equivalent knowledge will be considered

For more info.: