A&A : Consultant (Information Technology Risk Management (ITRM)/Risk Transformation)

Overview Select how often (in days) to receive an alert: Date: 9 Oct 2025Location: Bangkok, TH Are you ready to unleash your potential?At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve. We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices. Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals. We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions. Ready to unleash your potential with us? Join the winning team nowWork You Will Do As a GRC Technology Consultant, you will be part of our Governance, Risk, and Compliance (GRC) team, supporting the delivery of technology-enabled risk transformation projects. In this role, you will perform a functional consultant capacity by gathering business requirements, contributing to the design, implementation, and enhancement of the Information Technology Risk Management (ITRM) module within our GRC platform. You will act as a bridge between business stakeholders, risk management teams, and the system implementation team, ensuring effective design, testing, and deployment of ITRM functionalities. Your work will align with established risk management frameworks, regulatory requirements, and industry best practices to enable a robust and sustainable risk management environment. Key Responsibilities Gather business and regulatory requirements from stakeholders. Provide advisory on Information Technology Risk Management to support good design of system functionality to ensure design aligning with relevant regulatory requirement and good practice. Information Technology Risk Management Framework and Matrix Information Technology Risk Management Workflow from end to end including identification, assessment, monitoring, escalation and reporting. Information Technology Risk Indicators Information Technology Risk Inventory and Controls Information Technology Asset (application, devices, IT asset etc.) and Mapping with Control Information Technology Risk Dashboard IT Incident Management Activities from end-to-end process Translate requirements into system specifications and user stories. Prepare documentation including Requirement Traceability Matrix (RTM), Functional Specification Document (FSD), and process flows. Support design, configuration, and integration of the ITRM module within the GRC platform. Develop and execute test cases and UAT scripts for ITRM module. Support accuracy and completeness of data migration and system outputs. Document test results, track defects, and support resolution. Create training materials such as manuals, quick guides, and e-learning modules. Deliver user training sessions and provide adoption support. Qualifications Bachelor’s or Master’s degree in Business Administration, Risk Management, Finance, Information Systems, or related field. 1–3 years of experience in GRC, Internal Audit, or Risk Advisory, preferably in the financial services sector. Strong knowledge of IT Risk Management frameworks and regulatory standards (e.g. ISO, NIST, COBIT, Basel, or BOT). Experience with GRC platforms (RSA Archer, SAP GRC, MetricStream, or equivalent) is a plus. Archer Certified Administrator (Specialist/Expert), ServiceNow CIS (Risk & Compliance), or equivalent certification is a plus. Proficiency in business analysis, documentation, and stakeholder facilitation. Strong problem-solving, analytical, and communication skills. Professional certifications such as GRC, CISA, CRISC, CISM, CISSP are highly desirable. Technical Skills Exposure to GRC/IRM platforms such as Archer, ServiceNow, or MetricStream. Understanding of workflows, reporting, and dashboard. Proficiency in Microsoft Excel and PowerPoint for analysis and reporting. Soft Skills Analytical and detail-oriented mindset with the ability to work on multiple projects simultaneously. Strong written and verbal communication, able to engage both technical and business stakeholders. Team-oriented with a willingness to learn and adapt to dynamic client environments. Ability to work in structured consulting environments with deadlines and deliverables. Industry Focus FSI exposure to banking, asset management, digital assets, insurance, and financial services risk and compliance processes. Understanding of significant risk and compliance domain for specific industry. Due to volume of applications, we regret only shortlisted candidates will be notified. Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website. Requisition ID: In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website. #J-18808-Ljbffr