Audit and Assurance Products and Solutions: Risk and Controls Advisory Lead

Are you a good storyteller? Can you see the arrangements in the numbers? At Deloitte we help bring client data to life to enhance the risk assessment process, reveal unexpected patterns and outliers and offer insights. The business world is complex and ever changing and, as a result, Deloitte is helping to redefine audit by infusing our approach with cutting-edge technologies, data analytics and visualizations, and transformative audit delivery models. Lead audit into the future by helping deliver a more dynamic picture to our clients that provides meaningful insights, empowers decision-making, and informs tomorrow's success.

Work you'll do

As Risk and Controls Advisory Lead, you will be responsible for leading control considerations related to multiple risk environments and frameworks (e.g., Security, Confidentiality, Third Party Access) at all stages of application design, development and deployment. In this interesting and diverse role, you will be working on designing, implementing and monitoring controls related to the Deloitte Audit technology organization and will ensure that these risk decisions comply with existing firm policies, professional standards, laws and regulations and other internal and external requirements.

Responsibilities include:

  • Managing and coaching all Risk and Controls product leads within portfolio
  • Reviewing user stories (i.e., business and functional requirements) for legal holds and production requests, data retention and archival, and other risk and controls considerations and requirements
  • Supervising completion of all application Risk Acceptance Frameworks (RAFs), Confidential Information Management Plans (CIMP), and AAM 22852 packages including co-ordination with National Office, when needed
  • Identifying solutions for risks related to platform development, including the documentation of the future state and vision
  • Serving as the voice and representative of R&C team during the software development lifecycle
  • Managing workload capacity of R&C professionals based on development timelines
  • Understanding, or being willing to learn, how to operate under a scaled agile framework
  • Negotiating effectively with stakeholders

The team

Our audits are fueled by more than just technology – what really sets us apart are our insightful professionals, collaborative culture, and commitment to innovation and continuous improvement. Our audit professionals apply a streamlined, intelligent approach to the audit, enabled by innovative tools and technologies. Quality is our top priority, and by focusing on innovation, we continue to raise the bar on quality and deliver greater value to our clients. Learn more about Deloitte Audit.

How you'll grow

At Deloitte, we believe in professional development and helping our people grow. We offer learning opportunities to help you sharpen your skills in addition to hands-on experience in the global, fast-changing business world. We support the development of leadership and technical skills through leading-edge learning development solutions such as our Audit on-boarding training program. When you join, you'll participate in Welcome to Deloitte, a 2-day orientation followed by audit analytics-specific training to set you up for success on the team. Explore Deloitte University, The Leadership Center.


Strong knowledge of General Information Technology controls (GITCs) across multiple IT platforms, including, but not limited to, Windows and UNIX operating systems, SQL Server, MongoDB, MySQL, SAP HANA and Oracle databases. Deep understanding and working knowledge of SOC 2, SOC 1 and/or ISAE 3402 methodologies and understanding of cloud computing and related controls. Extensive experience working on large and medium-size external audits performed in accordance with PCAOB standards and/or internal audit experience on clients that are subject to SOX compliance. Additional beneficial qualifications: HIPAA experience, ISO/NIST framework knowledge, security analysis experience on ERPs, identity and access management experience.

Candidates should have the following traits and skills:

  • Apply concepts of risk assessment and apply professional skepticism
  • Coach and train Risk and Control (R&C) Advisory Staff
  • Apply technical knowledge to new scenarios
  • Identify and address challenges before they occur
  • Not be afraid to fail, resurrect, and fail again until success is achieved
  • Think strategically about products by understanding roadmap/plan
  • Embrace conflicting perspectives
  • Confidently lead meetings and/or engage with PPMDs and senior leaders in the firm
  • Work in cross-functional environments with professionals across Deloitte (non-auditors) and various geographic locations


At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte's culture

Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.

Recruiter tips

We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. We also suggest that you brush up on your interviewing skills and practice discussing your experience and job history with a family member, friend, or mentor. Check out recruiting tips from Deloitte professionals.

Requisition code: E18NATASRC010-RC

One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.
