Senior Manager, Governance, Risk & Compliance

Job Type:Permanent
Primary Location:Toronto, Ontario, Canada
All Available Locations:Toronto, ON

Our Purpose
At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge. Purpose defines who we are and gives us reason to exist as an organization.
By living our Purpose, we will make an impact that matters.
Build a network of colleagues for life
Have an impact that matters through pro bono and significant volunteer opportunities.
Be empowered to lead and have impact with clients, our communities and in the office.

What will your typical day look like?

This position is responsible for leading and maintaining work associated with Deloitte technology Canada SOC 2 and SOC 1 compliance program, which includes managing the day-to-day responsibilities of gathering evidence, scheduling resources, coordinating with control owners and external auditors, and identifying potential audit issues/operational improvements specific to the SOC 2 and SOC 1 audits. In addition, team is responsible to respond to client security questionnaires, client audit requests and provide input to client MSA/SOW.
Work includes:

• Liaise with external auditors to scope and facilitate audits gathering and presenting evidence as required to support SOC 2 and SOC 1 audits.
• Lead and handle all stages of SOC 2 and SOC 1 audits, ensuring successful completion.
• Understand technology controls that impact on-premises and cloud technology, operational risk to the organization as well as related laws, regulations, and industry standards, specifically related to internal and cloud technology solutions.
• Assess technology and operational risks related to internal and cloud technology solutions providing input to personnel on appropriate controls to address audit risks
• Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on premises as well as cloud hosted IT applications and infrastructure meet the SOC 2 and SOC 1 attestation.
• Manage audit findings; identify and track remediation activities to meet target dates for closure, and track/report progress.
• Work with the appropriate personnel to determine scope of SOC 2 and SOC 1 audits.
• Develop and recommend appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization for on premises as well as cloud hosted IT applications and infrastructure.
• Complete client security questionnaire requests in a timely manner and collaborates with other teams to provide completed questionnaires
• Maintain and update the security questionnaire Answer Library
• Manage client security audit requests
• Work with legal and Risk Management team to review security clauses in MSA and SOW.
  

Enough about us, let's talk about you

• Bachelor's degree in computer science, Maths
• Minimum 5 years of directly related experience in the following: managing information technology audits, assessments, remediation management, creating, leading, and managing risk assessment programs.
• Experience with SSAE 18 SOC 2 and various other industry standard frameworks such as: NIST, ISO 27001.
• Experience leading IT internal audit, external audits, and or service organization control reporting and activities.
• Solid understanding of IT general controls and activities.
• Excellent written and verbal communication, listening, and facilitation skills.
• Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues, and obstacles (preferred).
• Strong understanding of and experience with cloud technologies and security controls.
• Industry certification (e.g., CISA, CISSP, CISM, CPA etc.) preferred.

Total Rewards

The salary range for this position is $104,000 - $215,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.

Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth. Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. Some representative examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, 38+ days off (including 10 firm-wide closures known as "Deloitte Days"), flexible work arrangements and a hybrid work structure.

Our shared values
While our Purpose guides us and helps explain why we exist, our shared values describe the behaviour we expect from each other at the firm.
They provide common ground to unite us across cultures and geographies. They help us to earn the trust and respect of our stakeholders. We all commit to living by these shared values, to stay true to the principles they represent, and to honour the legacy from which they came. They are what sets us apart and makes us Deloitte.
Every day, we live our Purpose through the following five shared values:

• Lead the way: Deloitte is not only leading the profession, but reinventing it for the future. We're also committed to creating opportunity and leading the way to a more sustainable world.
  
• Serve with integrity: Deloitte has earned the trust of employees, clients, regulators, and the public for 175 years. Upholding that trust is our single most important responsibility.
  
• Take care of each other: We look out for one another and prioritize respect, fairness, development, and well-being.
  
• Foster inclusion: We are at our best when we foster an inclusive culture and embrace diversity in all forms. We know this attracts top talent, enables innovation, and helps us deliver well-rounded client solutions.
  
• Collaborate for measurable impact: We approach our work with a collaborative mindset, teaming across businesses, geographies, and skill sets to deliver tangible, measurable, attributable impact.

The next step is yours

Sound like The One Firm. For You? Apply by [insert date].

At Deloitte, we are all about doing business inclusively - that starts with having diverse colleagues of all abilities. Deloitte encourages applications from all qualified candidates who represent the full diversity of communities across Canada. This includes, but is not limited to, people with disabilities, candidates from Indigenous communities, and candidates from the Black community in support of living our values, creating a culture of Diversity Equity and Inclusion and our commitment to our AccessAbility Action Plan , Reconciliation Action Plan and the BlackNorth Initiative .
We encourage you to connect with us at accessiblecareers@deloitte.ca if you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations). We'd love to hear from you!
By applying to this job you will be assessed against the Deloitte Global Talent Standards. We've designed these standards to provide our clients with a consistent and exceptional Deloitte experience globally.
Deloitte Canada has 30 offices with representation across most of the country. We acknowledge our offices reside on traditional, treaty and unceded territories as part of Turtle Island and is still home to many First Nations, Métis, and Inuit peoples. We are all Treaty people.

Job Segment: Internal Audit, Computer Science, Developer, Equity, Accounting, Finance, Technology