A&A: Consultant - Senior Consultant (Policy, Compliance, Risk Management)

Location: Bangkok, TH

Are you ready to unleash your potential?

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.

We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose‑led growth and embed more equitable, inclusive as well as sustainable business practices.

Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.

We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions.

Ready to unleash your potential with us? Join the winning team now!

As a GRC Technology Consultant, you will be part of our Governance, Risk, and Compliance (GRC) team, supporting the delivery of technology‑enabled risk transformation projects. In this role, you will perform a functional consultant capacity by gathering business requirements, contributing to the design, implementation, and enhancement of the Policy and Compliance Management (PCM) module within our GRC platform.

You will act as a bridge between business stakeholders, risk management teams, and the system implementation team, ensuring effective design, testing, and deployment of PCM functionalities. Your work will align with established risk management frameworks, regulatory requirements, and industry best practices to enable a robust and sustainable risk management environment.

• Gather business and regulatory requirements from stakeholders.
• Provide advisory on Policy and Compliance Management to support good design of system functionality to ensure design aligning with relevant regulatory requirement and good practice.
  • External Regulation, Policy and Control Standard Inventory
  • End to end process of policy management including policy revision and approval, establishment, acknowledgement, and monitoring overdue policy reviews.
  • Exception Process
  • New Regulation and Gap Analysis
  • Compliance Assessment and Control Attestation
• Translate requirements into system specifications and user stories.
• Prepare documentation including Requirement Traceability Matrix (RTM), Functional Specification Document (FSD), and process flows.
• Support design, configuration, and integration of the PCM module within the GRC platform.
• Develop and execute test cases and UAT scripts for PCM module.
• Support accuracy and completeness of data migration and system outputs.
• Document test results, track defects, and support resolution.
• Create training materials such as manuals, quick guides, and e-learning modules.
• Deliver user training sessions and provide adoption support.

• Bachelor’s or Master’s degree in Business Administration, Risk Management, Finance, Information Systems, or related field.
• 1–3 years of experience in GRC, Internal Audit, or Risk Advisory, preferably in the financial services sector.
• 5–8 years of experience in GRC, Internal Audit, or Risk Advisory, preferably in the financial services sector.
• Strong knowledge of Policy and Compliance frameworks and regulatory standards (Basel II/III, BOT, SEC etc.)
• Experience with GRC platforms (RSA Archer, SAP GRC, MetricStream, or equivalent) is a plus.
• Archer Certified Administrator (Specialist/Expert), ServiceNow CIS (Risk & Compliance), or equivalent certification is a plus.
• Proficiency in business analysis, documentation, and stakeholder facilitation.
• Strong problem‑solving, analytical, and communication skills.
• Professional certifications such as GRC, CISA, CRISC, CISM, CISSP are highly desirable.

• Exposure to GRC/IRM platforms such as Archer, ServiceNow, or MetricStream.
• Understanding of workflows, reporting, and dashboard.
• Proficiency in Microsoft Excel and PowerPoint for analysis and reporting.

• Analytical and detail‑oriented mindset with the ability to work on multiple projects simultaneously.
• Strong written and verbal communication, able to engage both technical and business stakeholders.
• Team‑oriented with a willingness to learn and adapt to dynamic client environments.
• Ability to work in structured consulting environments with deadlines and deliverables.

Exposure to banking, asset management, digital asset, insurance, and financial services risk and compliance processes. Understanding of significant risk and compliance domain for specific industry.

Requisition ID: 110918

In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.