Audit and Assurance Technology Controls - IT Controls Specialist Manager


Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do:

This position provides risk management and related support to the U.S. and Global Audit & Assurance (A&A) Products and Solutions organization that develops and deploys innovative technology products and solutions to Deloitte's A&A business and its clients.

This position is housed within the Technology Risk Management (TRM) team of the Audit & Assurance (A&A) Products and Solutions group that develops and deploys innovative technology products and solutions to Deloitte's Audit & Assurance business and its clients. As an Information Technology (IT) Controls Specialist - Manager, you will be responsible for implementing and monitoring risk and control considerations to effectively identify regulatory, legal and compliance risk exposures, with a focus on quality, data protection and security matters related to our innovative products and solutions, environments and frameworks at all stages within the software development lifecycle (SDLC) (e.g., application design, development and deployment). This exciting and challenging role invites you to drive quality as part of the SDLC, initiate consultations with stakeholder groups, ideate on ways to creatively solve challenges and increase quality, and escalate matters as necessary to TRM Leadership.

Under the guidance and supervision of TRM Leadership, you will drive quality as part of the SDLC using established risk and control frameworks (such as SOX, COBIT, SOC/ISAE, ISO/NIST, etc.) to ensure that development, hosting, deployment and other risk decisions comply with existing firm policies, professional standards, laws and regulations, and other internal and external requirements. You will collaborate with various groups (such as internal product and IT groups, Deloitte's vendors and IT service providers, and Global risk, regulatory and privacy teams) and will be required to understand their roles and responsibilities in the overall IT control structure. You will plan and lead IT control testing of products and solutions, overseeing the work performed by TRM Senior Analysts, and reviewing control testing documentation while ensuring a high level of quality and adherence to firm standards. You will be responsible for escalation of controls findings to applicable leadership, assisting with the creation of consultation memos with stakeholder(s), and coordinating the centralized software review process with National Office. Further, you will prepare and/or validate control-related aspects of product risk assessments and confidential information management plans, as well as assist other TRM team members with reviewing functional and nonfunctional requirements (i.e., user stories and acceptance criteria) and testing scripts to ensure alignment with controls requirements. You will also be responsible for the supervision and oversight of TRM Senior Analysts, who drive the day-to-day activities.

You will also be responsible for conducting compliance procedures within the Deloitte Global technical certification framework for global and regional development hubs. As part of our Global technical certification framework initiative, you will be responsible for understanding the organization's development processes, assessing them against the pre-established framework, authoring reports, and communicating results to leadership and other stakeholders. In addition, you will continually evaluate the technical certification framework for relevance to existing technologies and process efficiencies and influence adjustments, as needed.

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible - tangible - results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in - with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out - with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

How you'll grow:

Deloitte Global inspires our people at every level. We believe in investing in you, helping you at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching, and mentoring. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do - that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate Citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.

  • Bachelor's degree in Computer Engineering, Management Information Systems, or other related degree.
  • Minimum of 5 years of experience in a high-performing technology risk organization, or technology risk management professional with experience working in large, complex technology environments, or internal audit experience on clients or companies that are subject to regulatory compliance.
  • Strong working knowledge of general Information Technology controls (GITC) across multiple IT platforms, including, but not limited to, Windows and UNIX/Linux operating systems, SQL Server, MongoDB, PostgreSQL, and MySQL databases.
  • Deep understanding and working knowledge of SOC 1, SOC 2 or ISAE 3402 methodologies.
  • Understanding of SDLC in a scaled agile development framework (SAFe).
  • Understanding of cloud computing concepts, including PaaS/IaaS services and SaaS offerings, as they relate to hosting environments (such as Microsoft Azure and Amazon Web Services) and their related controls.
  • High level of proficiency in Microsoft Office 365 products, especially Word, PowerPoint, SharePoint, Teams, Power BI and Excel.
  • Ability to apply concepts of risk assessment and professional skepticism.
  • Ability to challenge the status quo, and to identify untapped opportunities, alternate approaches, and creative solutions to products and solutions.
  • Ability to review key deliverables (control testing, evaluation of test results, other items as requested, etc.) to ensure adherence to high quality standards.
  • Strong project management skills to keep multiple projects organized and deliver results under tight, demanding deadlines for a high volume of products and releases while maintaining high quality and precision.
  • Strong verbal and written communication skills.
  • Proactive approach and anticipation of potential challenges.
  • Work in cross-functional environments with professionals across Deloitte (non-auditors) and various geographic locations. Coach, train, develop and manage other team members.

Other Qualifications:

  • Ability to apply technical audit knowledge to new scenarios.
  • Experience with Microsoft Azure DevOps.
  • Experience with Microsoft Azure hosting environment.
  • Experience with HIPAA, GDPR or other privacy regulations or laws.
  • Familiarity with data analytics and/or technology fueled by machine learning/AI or RPA.

Salary Range: $92,000.00 - 133,000.00 per Year
Dallas, TX 75201, US