Cyber Security Third Part Risk Management Sr Consultant

Deloitte & Touche L.L.P. Seattle , WA 98113

Posted 2 months ago

When you join Cyber Risk Services as a specialist in Third-Party Risk Management (TPRM), you will see how we work with some of the largest organizations in the world, across a variety of industries. Our client list includes eminent organizations across industries, e.g. technology, mining, media, pharmaceuticals, oil and gas, public sector and charities.

The work you perform will help you develop an understanding of:

  • the different third party relationships an organization may have across different industries;
  • the drivers which affect behaviors of business partners, suppliers and customers; and
  • the operational processes and controls required by an organization to effectively manage and monitor its third-party relationships.

TPRM offers a broad variety of solutions for our clients, e.g., designing and implementing cyber and broader third-party governance, risk management frameworks, and process flows, des developing third-party cyber control assessments, and considering how clients can leverage managed services to improve/enhance their TPRM program.

These are some examples of our common offerings, but in reality, because of the wide ranging organizational impact that TPRM has, there is a great variety of solutions we offer to clients in the TPRM space.


  • Support the design and implementation of third-party cyber risk operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks

  • Design policies and procedures that support the successful implementation of TPRM operating models Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements

  • Consider the application of legal and regulatory requirements to company's risk management practices.

  • Design technology enhancement requirements to support third-party risk management processes.

  • Track and communicate engagement performance and planning to Deloitte engagement management, ensuring project milestones remain on track and are completed timely

  • Actively mentor and train team members on Third Party Risk Management processes, governance, and frameworks

  • Work cross-functionally with team members to support and drive a collaborative team environment

  • Create and design effective presentations as a means for communicating project and deliverable progress to clients

  • Perform sophisticated data analyses to understand client's business and identify risk

  • Execute advanced services and supervise staff in delivering basic services

  • Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects

  • Understand client's business environment and basic risk management approaches

  • Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche's products and service lines

  • Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions

  • Generate innovative ideas and challenge the status quo

  • Build and nurture positive working relationships with clients with the intention to exceed client expectations

  • Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services

  • Identify opportunities to improve engagement profitability

  • Excellent potential for 1. playing lead role in designated tasks of the project team in gathering, organizing and analyzing data; 2. making major contributions in assuring products/deliverables meet contract/work plan; and 3. strong potential for growth and acceptance of additional responsibilities

  • Applicants need the ability to adopt a pragmatic approach to dealing with situations where confidentiality is important or where our work is of a sensitive nature. Helping maintain our client's strong professional relationships is integral to our business.


  • Experience within professional services or related roles within industry

  • 2+ years of demonstrated experience with cyber risk management across the third party engagement lifecycle (pre-contracting, contracting and post contracting) and an understanding of the associated organizational infrastructure (e.g. relevant internal controls, business processes, governance structures)

  • 2+ years of experience in one or more of the following:

  • Business process and organizational design (e.g. process mapping, workflows, governance structures across the three lines of defense, process and enterprise level RACIs)

  • Procurement / supply chain process assessment and design (and other third- party engagement processes not typically within procurement remit, e.g. distributor relationships)

  • Third party cyber assessment experience

  • Third Party Risk Management tools and technology solutions (e.g. GRC enablement solutions, etc.)

  • Third Party Risk Management market utilities (e.g. community models)

  • Framework testing (e.g. Process UAT, design of testing scripts and testing plans, etc.)

  • Experience in change management and/or managed service solution design and implementation a plus

  • BA/BS in Business Administration, Supply Chain, Accounting/Finance, Engineering, Computer Science, Information Management Systems or related fields

  • Willingness to travel 80% of the time (Monday Thursday) on a weekly base

  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future


  • Previous Consulting or Big 4 experience preferred

As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available.

Requisition code: EY20NATESC-VG60

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Consultant Cyber Risk Services


Posted 2 weeks ago

VIEW JOBS 10/30/2019 12:00:00 AM 2020-01-28T00:00 About Coalfire Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk. Our professionals are among the most talented in the industry, and each and every day, they strive to provide the unbiased assessments, advice, and innovative solutions that help our clients meet their specific challenges and build long-term strategies to protect their organizations. For nearly 20 years, we've been on the cutting-edge of one of the world's most important industries – and we're committed to making the world a safer place by solving our clients' toughest security challenges. What you'll do * Leads assessment engagements and advisory efforts including assessment plan preparation, review of technical plans, documentation and evidence, evaluation of procedures, and client interviews. * Prepare, review and approve advisory or assessment reports. * Manage priorities, tasks and hours on projects in conjunction with the project manager and/or Director to achieve delivery utilization targets and stay within allocated budgets. * Ensures quality products and services are delivered on time. * Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue. * Provide mentorship to team members in areas including, but not limited to: risk and controls assessments, technical control implementation, maturity assessments, and a wide range of remediation activities management programs. * Interfaces with clients through entire engagement, interacting will all levels of client organizations. Establish and maintain positive collaborative relationships with clients and stakeholders. * Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area. * Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables. What you'll bring * At least 4 (4+) years working experience in cyber security, GRC, and cyber related risk management * Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges and solutions * Knowledge of information governance, risk and security standards/frameworks and professional practices (NIST, ISO, CIS Top 20, ISSA, etc.) * Knowledge of the typical enterprise risk and security operational practices * Knowledge of information security related solutions, tools and utilities * Strong initiative * Strong analytical skills, demonstrated problem solving abilities * Strong oral and written communication skills * Bachelor's degree in Business Administration, Computer Science, Information Systems, Engineering or related field, or equivalent combination of education and experience Bonus Points * CISM, CISSP, CISA, CCSP, or CCSK certification(s) * Big Four Advisory/Consulting experience * DevSec Ops experience * AWS, Azure, Google Cloud Platform certification(s) * Healthcare, Financial Services, or Engery sector experience Why you'll want to join us Our people make Coalfire great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve. Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. We're connected by our desire to innovate and our goal of helping to make the world a more secure place. Coalfire's high energy, challenging, and fast-paced work environment will keep you engaged and motivated. Work-life balance is a core priority at Coalfire – we work hard and we play hard, and the two often overlap. We host family-friendly events and happy hours along with professional meetups and informal networking sessions, and we're active in our communities. Plus, we offer great benefits, including: * Health, dental, and vision insurance with an employer contribution * Flexible paid time off (employees are encouraged to spend four weeks away from the office each year) * A generous 401(k) plan * A corporate wellness program * Tuition reimbursement * A kitchen stocked with snacks, coffee, and tasty beverages Coalfire Seattle WA

Cyber Security Third Part Risk Management Sr Consultant

Deloitte & Touche L.L.P.