DRSC A&A: GRC Technology (Senior Consultant/Manager)

Deloitte PLT

Singapore

On-site

SGD 80,000 - 120,000

Full time

Today

Job summary

A global professional services firm is seeking a Senior Consultant for GRC strategies in Singapore. The ideal candidate will have 5-8 years of experience in GRC consulting and possess a Bachelor’s or Master’s degree in relevant fields. Responsibilities include leading client workshops and developing risk dashboards. Certifications like CISA or CISSP are highly desirable.

Qualifications

  • 5–8 years’ experience in GRC consulting, risk transformation, or compliance within financial services.
  • Strong knowledge of regulatory frameworks: MAS TRM, BOT guidelines, Basel III, COSO, ISO 27001, NIST CSF, IIA Standards.
  • Professional certifications such as CISA, CRISC, CISM, CISSP are highly desirable.

Responsibilities

  • Conduct current‑state maturity assessments and design target GRC strategies tailored to client needs.
  • Lead workshops with client stakeholders across ORM, ERM, BCM, PCM, IT risk, information security risk, and cyber risk.
  • Develop dashboards and reporting solutions for risk owners, IT risk managers, and board‑level committees.

Skills

GRC consulting
Risk transformation
Compliance
Client-facing skills
Project management
Communication skills

Education

Bachelor’s or Master’s degree in IT, Risk, Business, or Engineering

Tools

Archer GRC/IRM
ServiceNow IRM
ERP, SAP, Oracle, ITSM, JIRA

Job description

Title: DRSC A&A – Senior Consultant

Location: Kuala Lumpur, MY

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve. We believe in being a force for good through our WorldImpact portfolio, advising clients on purpose‑led growth and equitable, inclusive, and sustainable business practices.

Work you’ll do
  • Conduct current‑state maturity assessments and design target GRC strategies tailored to client needs.
  • Lead workshops with client stakeholders across ORM, ERM, BCM, PCM, IT risk, information security risk, and cyber risk.
  • Translate business and IT risk requirements into detailed functional and technical specifications.
  • Design and oversee the configuration of GRC platforms, including advanced workflows, dashboards, and risk analytics.
  • Integrate GRC platforms with ITSM, SIEM, vulnerability management, and other IT/security systems.
  • Manage User Acceptance Testing (UAT), training, and change management to ensure effective adoption.
  • Develop dashboards and reporting solutions for risk owners, IT risk managers, and board‑level committees.
  • Manage project delivery, budgets, risks, and communications with clients.
  • Supervise and coach junior consultants, reviewing work products to ensure quality and consistency.
  • Contribute to business development through proposals, client presentations, and thought leadership.
Your role as a leader
  • Actively seek out developmental opportunities for growth, act as a strong brand ambassador for the firm, and share knowledge and experience with others.
  • Respect the needs of colleagues and build cooperative relationships.
  • Understand the goals of internal and external stakeholders to set personal priorities and align team work to achieve objectives.
  • Constantly challenge themselves, collaborate with others to deliver on tasks, and take accountability for results.
  • Build productive relationships and communicate effectively to positively influence teams and other stakeholders.
  • Offer insights based on a solid understanding of what makes Deloitte successful.
  • Exhibit integrity and confidence while motivating others through collaboration and recognizing individual strengths, differences, and contributions.
  • Understand disruptive trends and promote potential opportunities for improvement.
Qualifications
  • Bachelor’s or Master’s degree in IT, Risk, Business, or Engineering.
  • 5–8 years’ experience in GRC consulting, risk transformation, or compliance within financial services.
  • Strong knowledge of regulatory frameworks: MAS TRM, BOT guidelines, Basel III, COSO, ISO 27001, NIST CSF, IIA Standards.
  • Hands‑on implementation experience with GRC platforms, preferably Archer GRC/IRM or ServiceNow IRM.
  • Archer Certified Administrator (Specialist/Expert), ServiceNow CIS (Risk & Compliance), or equivalent certification required.
  • Professional certifications such as CISA, CRISC, CISM, CISSP are highly desirable.
Technical Skills
  • Proven expertise in configuration and integration of GRC platforms.
  • Ability to design dashboards, reporting features, and workflow automation.
  • Experience with integrating GRC systems with ERP, SAP, Oracle, ITSM, JIRA, and cyber risk tools.
  • Strong project management capabilities with experience in Agile and Waterfall methods.
Soft Skills
  • Strong client‑facing skills with ability to influence and consult at management levels.
  • Excellent presentation, facilitation, and communication skills.
  • Critical thinking and adaptability in dynamic project environments.
  • Strong problem‑solving and conflict resolution capabilities.
Industry Focus: FSI
  • Extensive experience with FSI clients, including banks, insurers, and capital markets firms.
  • Proven ability to deliver solutions covering ORM, ERM, BCM, PCM, IT risk, information security, and cyber risk.