This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
Risk & Compliance Manager
Deloitte - Birmingham, AL
posted about 2 months ago
About the position
The Risk & Compliance Manager at Deloitte is responsible for supporting audits and assessment programs within the Technology Cyber Security Risk & Compliance team. This role involves managing technology and operational risks related to both on-premises and cloud-hosted IT applications and infrastructure. The manager will work closely with internal and external auditors, ensuring compliance with relevant laws, regulations, and industry standards while developing and implementing security solutions to mitigate identified risks.
Responsibilities
- Develop, manage, lead, and execute strategies and tasks associated with the ISO and TISAX security programs.
- Understand and assess technology and operational risks related to internal and cloud technology solutions.
- Design, recommend, plan, develop, and support implementation of project-specific security solutions.
- Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the IT environment.
- Manage remediation of identified risks and vulnerabilities, tracking progress and reporting to stakeholders.
- Represent Information Technology in internal and external assessments and audits, interpreting results and developing recommendations.
- Participate in continuing education and professional organizations to stay current in information security.
- Work with various departments to determine the scope of audits and assessments as defined by contracts and regulations.
- Develop and recommend information security policies, standards, procedures, and guidelines.
- Develop risk/vulnerability assessment programs and questionnaires to identify and mitigate security risks.
Requirements
- Bachelor's degree or equivalent in Computer Science, Business Administration, or Information Systems.
- Minimum 6 years of experience in managing IT audits, assessments, and remediation management.
- Minimum 2 years of experience with industry standard frameworks such as ISO 27001, SSAE 18 SOC 1 and SOC 2, HIPAA, HITRUST, etc.
- Minimum 1 year of people leadership or project management experience.
Nice-to-haves
- Master's Degree in Information Security, Information Protection, or related fields.
- Industry certifications such as CISA, CISSP, CISM.
- Familiarity with privacy laws and data protection/security regulations.
- Experience with Archer Policy/Compliance Management tool.
- Understanding of underlying infrastructure architecture including cloud security and communication protocols.
Benefits
- Competitive salary range of $93,000 - $191,000 based on experience and qualifications.
