DRSC A&A: GRC Technology

Select how often (in days) to receive an alert.

Date: 15 Sept 2025

Location:
Kuala Lumpur, MY

Title: DRSC A&A – Senior Consultant

Are you ready to unleash your potential?

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices. We seek talented individuals driven to excel and innovate, working together to achieve our shared goals. We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions. Ready to unleash your potential with us? Join the winning team now

• Conduct current-state maturity assessments and design target GRC strategies tailored to client needs.
• Lead workshops with client stakeholders across ORM, ERM, BCM, PCM, IT risk, information security risk, and cyber risk.
• Translate business and IT risk requirements into detailed functional and technical specifications.
• Design and oversee the configuration of GRC platforms, including advanced workflows, dashboards, and risk analytics.
• Integrate GRC platforms with ITSM, SIEM, vulnerability management, and other IT/security systems.
• Manage User Acceptance Testing (UAT), training, and change management to ensure effective adoption.
• Develop dashboards and reporting solutions for risk owners, IT risk managers, and board-level committees.
• Manage project delivery, budgets, risks, and communications with clients.
• Supervise and coach junior consultants, reviewing work products to ensure quality and consistency.
• Contribute to business development through proposals, client presentations, and thought leadership.

At Deloitte, we believe in empowering our people to be leaders at all levels. Senior Consultants / Managers across our Firm are expected to:

• Actively seek out developmental opportunities for growth, act as strong brand ambassadors for the firm, and share knowledge and experience with others.
• Respect the needs of colleagues and build cooperative relationships.
• Understand the goals of internal and external stakeholders to set personal priorities and align their teams' work to achieve objectives.
• Constantly challenge themselves, collaborate with others to deliver on tasks, and take accountability for results.
• Build productive relationships and communicate effectively to positively influence teams and other stakeholders.
• Offer insights based on a solid understanding of what makes Deloitte successful.
• Project integrity and confidence while motivating others through team collaboration and recognizing individual strengths, differences, and contributions.
• Understand disruptive trends and promote opportunities for improvement.

• Bachelor's or Master's degree in IT, Risk, Business, or Engineering.
• 5–8 years' experience in GRC consulting, risk transformation, or compliance within financial services.
• Strong knowledge of regulatory frameworks: MAS TRM, BOT guidelines, Basel III, COSO, ISO 27001, NIST CSF, IIA Standards.
• Hands-on implementation experience with GRC platforms, preferably Archer GRC/IRM or ServiceNow IRM.
• Archer Certified Administrator (Specialist/Expert), ServiceNow CIS (Risk & Compliance), or equivalent certification required.
• Professional certifications such as CISA, CRISC, CISM, CISSP are highly desirable.

• Proven expertise in configuration and integration of GRC platforms.
• Ability to design dashboards, reporting features, and workflow automation.
• Experience with integrating GRC systems with ERP, SAP, Oracle, ITSM, JIRA, and cyber risk tools.
• Strong project management capabilities with experience in Agile and Waterfall methods.

• Strong client-facing skills with ability to influence and consult at management levels.
• Excellent presentation, facilitation, and communication skills.
• Critical thinking and adaptability in dynamic project environments.
• Strong problem-solving and conflict resolution capabilities.

• Extensive experience with FSI clients, including banks, insurers, and capital markets firms.
• Proven ability to deliver solutions covering ORM, ERM, BCM, PCM, IT risk, information security, and cyber risk.

Due to volume of applications, we regret only shortlisted candidates will be notified. Candidates will only be contacted by authorised Deloitte Recruiters via firm's business contact number or business email address.

Requisition ID: 110594

In Malaysia, the services are provided by Deloitte and other related entities in Malaysia ("Deloitte in Malaysia"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Malaysia, which is within the Deloitte Network, is the entity that is providing this Website.