Compliance Leader
Chicago, IL

Job Description

Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

Work you'll do:

The Compliance Leader reports to the Cybersecurity Strategy and Governance Leader. The role focuses on providing assurance that cybersecurity controls are operating effectively across Deloitte Global and providing expected levels of risk reduction, as well as overseeing Deloitte Global and member firm certification programs (e.g. ISO27001) and compliance with external requirements such as laws, regulations, and contracts.

As part of the Global Cybersecurity team, this professional:

Strategic

* Defines and maintains the Deloitte Global cybersecurity controls assurance program
* Defines and maintains the Deloitte Global and member firm external certification strategy and program

Operational

* Leads the execution of the cybersecurity controls assurance program across the Deloitte network
* Leads cybersecurity controls testing across the Deloitte network to determine control effectiveness and adherence to both internal cybersecurity policies and standards and external requirements (e.g. certifications, laws, regulations and contracts)
* Supports internal audit with cybersecurity subject matter expertise
* Reviews and contributes to cybersecurity audit plans
* Leads the implementation of the Deloitte network external certification strategy and oversees the implementation of the member firm external certification strategy
* Monitors and reports on non-compliance with internal cybersecurity policies and standards and external requirements
* Proposes changes to existing cybersecurity policies and standards based on lessons learned

Relationship Management

* Works closely with the other direct reports of the Cybersecurity Strategy & Governance Leader to ensure collaboration and alignment
* Fosters strong collaboration with Internal Audit, Global Risk and Data Privacy teams
* Works closely with member firm external certification leaders to ensure the consistency and efficiency of cyber certification efforts
* Works closely with the Cybersecurity Policies & Standards leader to develop appropriate assurance testing processes

What you'll be part of - our Deloitte Global culture:

At Deloitte, we expect results. Incredible - tangible - results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and lead global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in - with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out - with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Deloitte Global supports our talented professionals in answering the question: What impact will you make?

Expectations from the Professional

Our purpose is to make an impact that matters and our aspiration is to be the undisputed leader in professional services. At the root of these goals are our Shared Values, which describe the distinctive Deloitte culture. Our Values are timeless, all-encompassing and embrace the cultures in which Deloitte member firms operate. We expect all professionals to live our purpose and shared values and be the brand ambassadors holding Deloitte Global and member firms together.

Integrity

At Deloitte, everything we do starts with integrity. In our marketplace, nothing is more important than our reputation and, accordingly, we commit to conducting business with honesty, distinctive quality, and high levels of professional behavior.

Outstanding value to markets and clients

We play a critical role in helping both the capital markets and our member firm clients operate more effectively. We consider this role a privilege, and we know it requires constant vigilance and unrelenting commitment.

Commitment to each other

We are proud of our culture of borderless collegiality and work hard to support our people. We strive to create an inclusive environment that reflects our strong, clear expectations about diversity, respect, and fair treatment.

Strength from cultural diversity

Our member firm clients' business challenges are complex and benefit from the innovation and varied perspectives that our practitioners bring. We understand that working with people of different backgrounds, cultures, and thinking styles helps our people grow into better professionals and leaders.

Who you'll work with:

The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center. We are seeking a Compliance Leader to join this team.

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte's Total Rewards program reflects our continued commitment to lead from the front in everything we do - that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

#GLBStratGov

Education

* Bachelor's degree: degree in business administration, a technology-related field, or equivalent education-related experience
* Master's degree preferred

Work experience

* Minimum of 12 years of combined experience in the Information Security / Cybersecurity domain with a focus on compliance strategy and operations
* At least five years holding a management and leadership role
* Proven track record and experience of the following in a highly complex and global organization:
  * developing a compliance strategy
  * driving projects and solutions ensuring compliance across the organization
  * ensuring compliance in the operational implementation

Certification

* Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
* Member of IISP or have the qualification, skills and experience to become a member

Skills/abilities

* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
* Sound knowledge of business management and an expert knowledge of information / cybersecurity compliance
* Strong knowledge and understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard
* Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
* Experience interacting, presenting and working with C-level executives (CEO, CIO, etc.)
* Ability to manage a global team in a matrix environment
* Ability to travel as needed up to 40%

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com

Requisition code: DE19USAGTS007LS1844
