Risk & Financial Advisory Senior Consultant- Third Party Risk Management

Cyber | Cyber & Strategic Risk
Same job available in 29 locations

Alexandria, Virginia, United States

Ann Arbor, Michigan, United States

Arlington, Virginia, United States

Atlanta, Georgia, United States

Austin, Texas, United States

Baltimore, Maryland, United States

Boston, Massachusetts, United States

Charlotte, North Carolina, United States

Chicago, Illinois, United States

Costa Mesa, California, United States

Dallas, Texas, United States

Ft. Lauderdale, Florida, United States

Grand Rapids, Michigan, United States

Houston, Texas, United States

Jersey City, New Jersey, United States

Los Angeles, California, United States

Miami, Florida, United States

Minneapolis, Minnesota, United States

New York, New York, United States

Parsippany, New Jersey, United States

Princeton, New Jersey, United States

Raleigh, North Carolina, United States

Reston, Virginia, United States

Richmond, Virginia, United States

San Diego, California, United States

San Jose, California, United States

Seattle, Washington, United States

Tucson, Arizona, United States

Washington, District of Columbia, United States

Position Summary

Risk & Financial Advisory Senior Consultant - Third Party Risk Management

Unanticipated risks have great consequences for clients. That’s especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models. Deloitte Risk and Financial Advisory’s Hybrid-Operate teams deliver next-generation managed services and advanced technology products to help organizations solve complex problems on a long-term basis. Teams do this by bringing together advanced analytics, robust domain knowledge and experience, and strong technology products to help clients monitor, manage, and measure their operational environment for risk.

Given the ever-increasing size and complexity of third party ecosystems, our clients are increasing leveraging our firm’s expertise to implement and operate a wide variety of Third Party Risk Management (TPRM) solutions designed to mitigate risks and drive more value in third party relationships. If you are seeking a role that offers exposure to these clients, Deloitte Risk and Financial Advisory’s Cyber practice may be the place for you.

The work you perform will help you develop an understanding of:

  • the different third-party relationships an organization may have across different industries
  • the drivers which affect behaviors of business partners, suppliers and customers; and
  • the operational processes and controls required by an organization to effectively manage and monitor its third-party relationships.

Work you will do:

  • Assist in the selection and tailoring of third party cyber risk management approaches, methods and tools to support delivery of third party cyber risk assessment services
  • Assist clients in developing their third party risk management programs, such as risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
  • Perform ongoing third-party cyber risk assessments to help clients identify and evaluate complex business and technology risks related to their third parties.
  • Comply with delivery SLA’s and provide periodic status updates including potential risks and delays to the project delivery to project manager.
  • Perform validation of sub-controls with third parties as per the validation process set by Deloitte and generate the final report in English language.
  • Provide periodic updates about status of work assigned to the project manager
  • Mentor new assessors on tools and methodology to conduct cyber risk reviews and demonstrate good understanding of client specific cyber security policy and procedures
  • Update project manager on potential risks and delays to the project delivery
  • Facilitate use of Deloitte tools and methodologies to review, design and/or implement third party cyber risk services
  • Identify opportunities to improve operational excellence

The successful Senior Consultant will demonstrate the following attributes:

  • Excellent verbal and written communication skills
  • Excellent inter-personal skills
  • Independent thinker and resourceful problem solver with an ability to exercise mature judgment
  • Takes ownership and drives toward a successful outcome
  • Can see the big picture and naturally looks for what other client problems the team can solve
  • Ability to work independently and in teams to manage multiple task assignments
  • Brings a genuine approach to day-to-day dealings that includes the highest ethical standard
  • Acting as a leader in a team environment

Required Qualifications:

  • Degree in information security, math, business, cyber security, computer science, data analytics or related field
  • 3+ yrs of relevant experience in information security
  • Working knowledge and understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.)
  • Demonstrate knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk
  • Demonstrate knowledge in one or more of the following cyber risk domains, including:
    • Security Governance and Management
    • Security Policies and Procedures
    • Application Security Controls
    • Access Controls
    • Network Security Operations
    • Security Architectures
    • Identity Management
    • Disaster Recovery & Business Continuity
    • Incident Response
    • Risk Management
    • Privacy and Data Protection
    • Encryption
  • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
  • Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve
  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

Preferred Qualifications:

  • CISSP/CISA (or equivalent)
  • Experience with information security audit or assessments
  • Good understanding of legal and regulatory requirements around information security and data privacy, such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc.
  • Prior consulting experience
  • Experience with internal controls, risk assessments, business process, and internal IT control testing or operational auditing

The team:

The Deloitte Advisory Third-Party Risk Management (TPRM) team, part of our Cyber Risk Services, works with some of the largest organizations in the world, across a variety of industries, to assist organizations in the development and operation of TPRM programs. Our client list includes eminent organizations across industries, e.g. technology, mining, media, pharmaceuticals, oil and gas, public sector and charities.

Our TPRM portfolios of services includes a broad variety of solutions for our clients, including designing and implementing broad third-party governance and risk management frameworks/processes, developing third-party risk and control assessments, and implementing managed services to improve/enhance an organization’s TPRM program. 

Deloitte Office

Anywhere in the US

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.

Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.


As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, where applicable. See notices of various ban-the-box laws where available.

Requisition code: 66584

SCAM ALERT

Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte US (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:

  • At Deloitte, ethics and integrity are fundamental and not negotiable.
  • We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
  • We have not authorized any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
  • We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
  • No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange for promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorized or fraudulent actions or engagements. We encourage jobseekers to exercise caution.