A&A : Senior Consultant (Third Party Risk Management/Transformation)

Location: Bangkok, TH

Are you ready to unleash your potential?

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.

We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose‑led growth and embed more equitable, inclusive as well as sustainable business practices.

Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.

We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions.

Ready to unleash your potential with us? Join the winning team now!

As a GRC Technology Consultant, you will be part of our Governance, Risk, and Compliance (GRC) team, supporting the delivery of technology‑enabled risk transformation projects. In this role, you will perform a functional consultant capacity by gathering business requirements, contributing to the design, implementation, and enhancement of the Third Party Risk Management (TPRM) module within our GRC platform.

You will act as a bridge between business stakeholders, risk management teams, and the system implementation team, ensuring effective design, testing, and deployment of TPRM functionalities. Your work will align with established risk management frameworks, regulatory requirements, and industry best practices to enable a robust and sustainable risk management environment.

• Gather business and regulatory requirements from stakeholders.
• Provide advisory on Operational Risk Management to support good design of system functionality to ensure design aligning with relevant regulatory requirement and good practice.
  • Third Party Risk Management Framework
  • Third Party Risk Management Workflow from end to end including classification based on Bank of Thailand requirement or relevant regulation, Due Diligence & Risk Assessment, Monitoring & Ongoing, Termination & Offboarding Process, and Reporting for internal purpose and regulatory report.
  • Third Party Risk Indicators
  • Third Party and Vendor Inventory
  • Third Party Risk and Control Inventory
  • Third Party Risk Dashboard
• Translate requirements into system specifications and user stories.
• Prepare documentation including Requirement Traceability Matrix (RTM), Functional Specification Document (FSD), and process flows.
• Support design, configuration, and integration of the TPRM module within the GRC platform.
• Develop and execute test cases and UAT scripts for TPRM module.
• Support accuracy and completeness of data migration and system outputs.
• Document test results, track defects, and support resolution.
• Create training materials such as manuals, quick guides, and e-learning modules.
• Deliver user training sessions and provide adoption support.

• Bachelor’s or master’s degree in business administration, Risk Management, Finance, Information Systems, or related field.
• 5–8 years of experience in GRC, Internal Audit, or Risk Advisory, preferably in the financial services sector.
• Strong knowledge of ORM frameworks (COSO ORM, ISO 31000) and regulatory standards (Basel II/III, BOT including requirement for IT Third-Party and Business Partner).
• Experience with GRC platforms (RSA Archer, SAP GRC, MetricStream, or equivalent) is a plus.
• Archer Certified Administrator (Specialist/Expert), ServiceNow CIS (Risk & Compliance), or equivalent certification is a plus.
• Proficiency in business analysis, documentation, and stakeholder facilitation.
• Strong problem-solving, analytical, and communication skills.
• Professional certifications such as GRC, CISA, CRISC, CISM, CISSP are highly desirable.

• Exposure to GRC/IRM platforms such as Archer, ServiceNow, or MetricStream.
• Understanding of workflows, reporting, and dashboard.
• Proficiency in Microsoft Excel and PowerPoint for analysis and reporting.

• Analytical and detail‑oriented mindset with the ability to work on multiple projects simultaneously.
• Strong written and verbal communication, able to engage both technical and business stakeholders.
• Team‑oriented with a willingness to learn and adapt to dynamic client environments.
• Ability to work in structured consulting environments with deadlines and deliverables.

Exposure to banking, asset management, digital asset, insurance, and financial services risk and compliance processes. Understanding of significant risk and compliance domain for specific industry.

Due to volume of applications, we regret only shortlisted candidates will be notified.

Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website.

Requisition ID: 110917

In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.