Manager, Internal Audit

Administrative & Support Services

New York, New York, United States

Position Summary

Deloitte Touche Tohmatsu Services, LLC seeks a Manager, Internal Audit in New York, New York (and various unanticipated locations throughout the U.S.). 

Work You’ll Do

Responsible for leading control considerations related to multiple risk environments and frameworks (e.g., COBIT, COSO, etc.) at all stages of application design, development and deployment within a particular product portfolio. Drive quality as part of the software development lifecycle (SDLC) based on the Technology Risk and Control (TRC) milestones and responsible for compliance with the TRC roadmap. Responsible for escalation of control issues to Portfolio TRC leadership, assisting with the creation of consultation memos with stakeholder(s) and coordinating the centralized software review process over audit tools with National Office. Works on designing, implementing and monitoring IT controls related to the firm’s technology organization. Works closely with the following: Application teams, Professional Practice Network, Controls over Audit Tools Leader (COAT), Office of Confidentiality & Privacy, ITS, Office of General Counsel, Regulatory, Global Risk & Compliance and other leadership as needed to ensure that development, hosting, deployment and other risk decisions comply with existing firm policies, professional standards, laws and regulations and other internal and external requirements. Responsible for control-related aspects of Risk Acceptance Frameworks (RAFs), ISQM 1 Risk and Response Matrices (RRMs), Confidential Information Management Plans (CIMP), General IT controls (GITC) risk frameworks, as well as assisting the other members of the TRC team in reviewing business requirements, functional requirements and UAT scripts to ensure alignment with internal policies, procedures and controls.
Utilize experience with performing detailed assessments and consultations to ensure completeness and accuracy of essential IT and Business processes to validate integrity, confidentiality of data and continuity of key processes; conducting gap-analysis of IT control environments across various IT infrastructures to map complex organization processes to identify key problem drivers and provide agile solutions aligned with Global Standards; leading the development, testing and implementation of IT security frameworks to align with International Standards for Quality Management (ISQM) for new and existing systems across global landscape, that is inclusive of GEO specific laws and regulations; developing risk assessment frameworks based on the evolution of IT ecosystem to identify emerging vulnerabilities based on GEO-location to be leveraged across multi-functions; performing independent testing of SOC Type I & II, SAR, ISO or ISAE 34 to identify Entity level vulnerabilities that hold any residual risk; developing holistic automated solutions (such as automated compliance policy assessments, which send automated emails to 'offenders' on a daily basis) to provide consistent shared services operations across global channels / functions.

Requirements 

Position requires a Bachelor’s degree, or foreign equivalent degree, in Business Information System or related field and three (3) years of experience in Consultant, Auditor or related occupation.

Special Requirements: Experience must have included three (3) years of experience with the following special skills:

  • Performing detailed assessments and consultations to ensure completeness and accuracy of essential IT and Business processes to validate integrity and confidentiality of data and continuity of key processes
  • Conducting gap-analysis of IT Control Environments across various IT infrastructures to map complex organization processes to identify key problem drivers and provide agile solutions aligned with Global Standards
  • Leading the development, testing and implementation of IT Security Frameworks to align with International Standards for Quality Management (ISQM) for new and existing systems across Global landscape, that is inclusive of GEO specific laws and regulations;
  • Developing risk assessment frameworks based on the evolution of IT ecosystem to identify emerging vulnerabilities based on GEO-location to be leveraged across multi-functions;
  • Performing independent testing of SOC Type I & II, SAR, ISO or ISAE 34 to identify Entity level vulnerabilities that hold any residual risk;
  • Developing holistic automated solutions (such as Automated Compliance Policy Assessments, which send automated emails to 'offenders' on a daily basis) to provide consistent Shared Services Operations across Global Channels / Functions.
  • Telecommute/work from home is permitted
  • EOE

Deloitte Global is required by local law to include a reasonable estimate of the compensation range for this role for individuals applying to work in our New York City location. This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and delivery model. A reasonable estimate of the range is $134,222 - $195,215 for individuals applying to work in this location.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.


Requisition code: 132330

SCAM ALERT

Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe in fictitious job opportunities with Deloitte US (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:

  • At Deloitte, ethics and integrity are fundamental and not negotiable.
  • We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
  • We have not authorized any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
  • We consider candidates on merit and provide an equal opportunity to eligible applicants.
  • No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange for promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorized or fraudulent actions or engagements. We encourage jobseekers to exercise caution.