Compliance & Risk Platform Manager (ServiceNow)
Work you'll do:
Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national Member Firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.
Deloitte's Member Firm Services team is responsible for managing the relationship between DTTL Global and the Member Firms. This includes assessing and managing Member Firm compliance with applicable global standards. We are currently seeking a Compliance Platform Manager to join the ServiceNow and Compliance team.
The Compliance Platform Manager reports jointly to the ServiceNow Architecture & Delivery team and the Member Firm Assessments Leader. The role focusses on managing and maintaining the compliance platform based on ServiceNow GRC, and the compliance data it holds, as well as managing and maintaining the controls library, which underpins our compliance approach. The Compliance Platform Manager may also be required to coordinate these activities among their direct reports, expected to consist of two Compliance Analysts.
As part of the ServiceNow and Member Firm Services team, the professional shall:
• Manage and maintain the Integrated Controls Library (ICL) as agreed with other team members and relevant governance bodies
• Manage and maintain the ServiceNow GRC tool to ensure the solution continues to meet the compliance requirements of the organization within the established ServiceNow team
• Oversee and review controls extracted from new standard statements to provide detailed compliance criteria
• Assess and monitor the effectiveness of the ServiceNow GRC tool in accordance with agreed metrics and performance measures, and propose remedial actions where necessary
• Provide subject matter expertise and experience to continually improve the ServiceNow GRC tool
• Assist the ServiceNow Architecture team with establishing GRC capabilities globally
• Update and maintain the Integrated Controls Library (ICL) in discussion with other team members and as directed by relevant governance bodies
• Update compliance information in the ServiceNow GRC tool on behalf of Member Firms, for example Member Firm contact points and control information
• Support other team members where required to ensure that compliance processes are administered correctly via the ServiceNow GRC tool
• Configure, maintain and develop the ServiceNow GRC tool (along with the ServiceNow team) to ensure the tool continues to meet changing business requirements, for example configuring automated monitoring rules for new controls, working with support providers where necessary
• Support response and investigation of alerts generated by the ServiceNow GRC tool, working with other stakeholders as necessary to diagnose and resolve erroneous alerts, to prevent reoccurrence.
• Manage and maintain requirements for integration with other systems or solutions, working with support providers and ServiceNow platform team where necessary to ensure the tool continues to meet changing business requirements
• Provide support to Member Firms and other team members to address specific requests or requirements outside the standard features and functionality in the ServiceNow GRC platform
• Drive improvements in proficiency with the ServiceNow GRC tool across Member Firms and within the compliance team, creating supporting materials and delivering training where necessary to ensure users understand the features and functionality available within the tool to support compliance processes, roles and responsibilities
• Compliance activities Relationship Management
• Manage Compliance Analysts to ensure that activities related to the ServiceNow GRC tool and controls library are delivered in a coordinated and efficient manner
• Work closely with senior stakeholders to ensure that the controls library is updated with new standard statements and controls as directed by relevant governance bodies
• Work closely with other members of the Member Firm Services team, including the Compliance Manager and Member Firm Assessments Leader to ensure collaboration and alignment, to understand strategic and tactical priorities, and deliver continuous improvement in the ServiceNow GRC tool
• Provide advice and support to Member Firms and DTTL Service Teams as required to address specific queries and increase proficiency with the ServiceNow GRC tool
What you'll be part of - our Deloitte Global Culture:
At Deloitte, we expect results. Incredible-tangible-results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.
In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in-with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out-with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.
Deloitte Global supports our talented professionals in answering the question: What impact will you make?
How you'll grow:
Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.
Benefits you'll receive:
Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do - that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.
#GLBCyber Required Skills:
• Bachelor's degree: degree in business administration, a technology
related field, or equivalent education-related experience
• Minimum of 4-6 years of combined experience in the Information
Security / Cybersecurity domain ideally with a focus on governance, risk
• Proven track record and experience of the following in a highly complex
and global organization
• Managing compliance activities, including assessing and managing
compliance against agreed standards at the level of individual security
controls (administrative, technical / logical, physical) for multiple
organizations or business units
• Managing and maintaining a dedicated GRC solution to manage and
track compliance across multiple organizations or business units,
working with providers and support teams to ensure continued
development and enhancement of the solution Preferred Skills:
• ServiceNow Certified Implementation Specialistor equivalent GRC tool
certifications are strongly desirable (Note - a minimumlevel of
ServiceNow Certified Administrator will be required)
• Professional security management certificationsare desirable, in
particular ISO27001 Lead Auditor and/or Certified InternalAuditor (CIA).
Other certifications such as Certified Information SystemsSecurity
Professional (CISSP), Certified Information Security Manager (CISM),
Certified Information Systems Auditor (CISA) or other similar credentials
arealso welcome. Familiarity with CoBIT 5 and ITIL is also desirable
• Excellent written and verbal communicationskills, interpersonal and
collaborative skills, and the ability to communicatestrategic information
security topics, policies and standards as well asrisk-related concepts to
technical and nontechnical audiences at varioushierarchical levels
• Experience with ServiceNow platformadministration and/or development
is required for this position unless relevantrelatable experience can be
demonstrated with a similar compliance platform
• Broad technical and nontechnical understandingencompassing the
design, implementation and operation of administrative,technical /
logical and physical security controls across systems,infrastructure and
• Proficiency with ServiceNow GRC or equivalentGRC tools is strongly
desirable, including both technical, functional andintegration experience.
• Experience with and understanding of automated control monitoring, in
particular for Qualys and Microsoft System Center Configuration
Manager (SCCM) would also be valuable
• Ability to travel internationally as needed upto 10-15%. Knowledge of a
second language would also be an advantage
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law. Disclaimer:
Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com
Requisition code: D55127