Senior Consultant: Digital Controls and Cloud Auditing

Digital Controls - Cloud Security Risk - Senior Consultant

Do you thrive in times of disruption? Have a passion for turning challenges and opportunities into long-term competitive advantages? As a Senior Consultant in Deloitte Risk & Financial Advisory, you'll have the opportunity to gain valuable hands-on experience working alongside leading professionals across diverse industries while building your professional skills in a variety of project experiences. Our Deloitte Risk & Financial Advisory practice helps organizations effectively navigate business risks and opportunities-from strategic, reputation, and financial risks to operational, cyber, and regulatory risks-to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading team's help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries.

The team

Deloitte Risk & Financial Advisory helps organizations navigate a variety of risks to lead in the marketplace and disrupt through innovation. The insights of our professionals, combined with our specialized products and services, help clients learn how to embrace complexity and leverage their position of strength to accelerate performance.

Learn more about our Deloitte Risk & Financial Advisory practice at Deloitte.

Work you'll do

Our professionals understand the dynamics of serving complex, global clients across multiple industries, and the importance of increasing transparency around business performance. We provide specialized cloud and internal control services for internal and external audit clients along with other services related to financial reporting. To further exploit opportunities and mitigate the risks presented by different markets, we also work with clients to navigate complexities, risks and opportunities presented by third-party relationships.

The type of work you focus on will be influenced by your office placement and business needs. Your recruiter will be able to provide more information about our offices. Projects would be aligned to Cloud and may include:

• Application modernization and migration risk assessments
• Cloud native applications and services risk and control assessments
• Cloud services orchestration and automation
• Cloud managed services
• Risk and control assessments
• Control design, implementation, operation, and evaluation
• Cloud secure reference architectures design evaluation
• Risk and control analysis of automated DevSecOps pipelines
• Cloud security posture management assessments
• Ideating and developing cloud risk and controls solutions to meet client needs

• Proficiency in verbal and written communication skills essential to interacting with clients and teams
• Ability to work independently and manage multiple projects/assignments/responsibilities in a fast-paced environment with minimal oversight
• Strong problem solving and critical thinking skills
• Ability to quickly research and collect data from unique places
• Ability to synthesize data and convey information in a concise yet meaningful way
• Strong understanding of Cloud and IaaS, PaaS, and SaaS services

• BA/BS in Computer Science, Information Systems Administration or a related field
• 4+ years of related professional experience
• 3+ years' experience in auditing Cloud (e.g.; AWS, Azure or GCP) from a technical risk and controls perspective
• Associate or professional level certifications in AWS, Azure, or GCP
• Experience in Infrastructure as a code, DevSecOps, CI/CD pipeline architecture, and relevant tools such as GitHub, CircleCI, Jenkins, Ansible, Cloud Formation, Terraform, AzureDevOps, etc.
• Experience in automation and leveraging it to drive risk, security compliance, monitoring and remediation
• Demonstrated ability to plan and manage engagements along with ensuring deliverables meet work plan specifications and deadlines.
• Strong background in IT risk assessment and remediation within Cloud and/or computer control environments
• Experience identifying controls and making recommendations to bolster security and compliance posture
• Expertise in designing and developing proof of concepts and executing test plans
• Demonstrated ability to write technical reports and to participate in presentations with executive leadership
• Ability to travel up to 50% (While 50% travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
• Limited immigration sponsorship may be available.

• Prior Big 4 experience is a plus
• Working knowledge of programming and scripting languages (e.g., Python, Node.js, PowerShell, JSON, YAML, etc.)
• Experience working with Web service and APIs strongly preferred
• Knowledge of industry information security and cloud security frameworks such as NIST 800-53, ISO 27001, CSA CCM etc.
• Understanding of data analytics tools such as Tableau, Alteryx, Snowflake is a plus
• Experience with Sarbanes-Oxley is desirable
• Master's in accounting, Computer Science, Information Systems, or a related field is a plus
• CPA, CISA or CISSP
• Team management experience is a plus
• Understanding of cloud technologies like Containers, Kubernetes, serverless, microservices, IOT, AI, etc. highly desirable