Control Management Senior Manager - ServiceNow

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Deloitte drives progress. Using our vast range of expertise, we help our clients become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more.

The Control Management Senior Manager - ServiceNow will be responsible for the following:

• Shape the development of technology control management including scoping, development of and testing ServiceNow tools for ITRM processes in DT to allow for an effective, efficient and adaptable risk governance capability and contribute to its continuous improvement.
• Direct control development across DT, driving a consistent approach utilising the IRM capabilities within ServiceNow.
• Deliver the DT control library architecture and control data management.
• Secure commitment from member firms and stakeholders in the global firm to participate in the Technology Standards and Maturity Assessment with the objective to assess the member firm’s overall IT capability/maturity and to help them establish their own priorities.
• Keep abreast of new and emerging technologies being deployed and ensure risk assessment processes are appropriately applied and advise on decisions with technology risk impacts as new activities and other change management/transformational initiatives.
• Leverage available technical resources/tools to research; expand technology risk knowledge to enhance work product, to remain up to date on member firms and line of businesses hot topics while sharing the technology risk knowledge amongst the team where applicable.
• Advise member firms on technologies, processes and procedures to address gaps in conjunction with the Deloitte Technology and Integrity strategies.
• Advise on the development to the assessment criteria at the start of each assessment cycle – in conjunction with the Global Integrity Assessment Service Leader and the relevant subject matter experts.
• Leverage MFS8 controls library to integrate with a DT Controls library supporting ServiceNow changes to accommodate the changes in testing process to streamline the test approach.
• Lead the planning on various DT control management programs including development of a control library.
• Manage the integration of controls management into DT processes and various assessment programs to support the identification of controls and control enhancements in end-to-end processes, recommend remediation actions, and share insights and best practices with Deloitte Technology as a proactive measure to reduce the likelihood and impact of future risk events.
• Track first line of defence (1LoD) remediation progress and/or communicate recommendations for corrective action in controls where they relate to control management activities for control owners.

Connect to your skills and professional experience:

• Led and delivered at least one end to end programme process including the use of ServiceNow Integrated Risk Management module to support integrated IT risk Management processes.
• An understanding of the principles around CMMI, COBIT, ITIL, PMI, Prince2, ISO27001, SOC2.
• Cybersecurity or IT Risk Management experience which should include either control testing or compliance assessment experience.
• A strong understanding of system development life cycles approaches and concepts (CMMI knowledge an asset).
• Understand IT Operations and Service Management with strong understanding of ITIL framework or MOF (ITIL or equivalent certification an asset).
• Diplomatic and persuasive with an ability to handle difficult conversations and confidently manage senior stakeholders such as CIOs and CEOs.
• Experience developing a control library and automating into ServiceNow IRM.
• Detailed knowledge of current Deloitte security policies and technology standards and or relevant industry verifications; such as CISSP, CISA, CISM, CRISC, ISO27032 Lead Cybersecurity Manager or equivalent.
• Ability to influence and persuade at all levels from IT technical staff up to CIOs.
• Ability to manage virtual teams in multiple time zones, culturally astute.
• Be able to build key relationships across the GTS function and member firm network utilising excellent relationship management skills.
• Ability to manipulate complex data.
• Goals-oriented, self-starter and able to work independently with little daily supervision.
• Adaptability to and ability to embrace a wide range of cultures.
• Excellent written and oral communication skills. Additional language an asset.

Collaboration is central to everything we do at Deloitte. From IT to HR, marketing and more, our teams help to support the wider business in everything they do. Bringing your individual skills and specialist knowledge, you can make a far-reaching impact.

Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints.

Our hybrid working policy allows you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you’ll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely.

Making an impact is more than just what we do: it’s why we’re here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.

A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you’ll experience a purpose you can believe in and an impact you can see.