Apply now »

A&A: Consultant - Manager (GRC / Risk Transformation - Operations Risk Management (ORM))

Date:  2 Oct 2025
Service Line / Portfolios:  Assurance
Location: 

Bangkok, TH

Are you ready to unleash your potential?

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve. 

We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices. 

Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals. 

We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions.

Ready to unleash your potential with us? Join the winning team now!

Work You Will Do

As a GRC Transformation Consultant, you will lead workstreams in complex GRC transformation projects. You will act as a trusted advisor to client stakeholders, bringing deep knowledge of Operational Risk Management (ORM) module combined with hands-on expertise in leading GRC platforms. In this role, you will be responsible for managing project delivery, mentoring junior consultants, and ensuring solutions are aligned to client objectives and regulatory requirements. The scope includes business requirement gathering, system design, testing, training and deployment of ORM functionalities. You will also play a key role in shaping risk transformation strategies and driving adoption of GRC platforms across financial institutions.

Key Responsibilities

  • Conduct session of business and regulatory requirements from stakeholders and finalise the requirements.
  • Provide advisory on Operational Risk Management to support good design of system functionality to ensure design aligning with relevant regulatory requirement and good practice.
    • Operational Risk Management Framework and Matrix
    • Operational Risk Management Workflow from end to end including identification, assessment, monitoring, escalation and reporting.  
    • Operational Risk Indicators
    • Operational Risk Inventory and Controls
    • Operational Risk Dashboard
    • Incident Management Activities from end-to-end process
  • Translate requirements into system specifications and user stories.
  • Lead the workshops with client stakeholders and solve the issues properly with good practices and knowledge sharing.
  • Prepare documentation including Requirement Traceability Matrix (RTM), Functional Specification Document (FSD), and process flows.
  • Support design, configuration, and integration of the ORM module within the GRC platform.
  • Develop, execute and manage test cases & scripts and UAT for ORM module.
  • Support accuracy and completeness of data migration and system outputs.
  • Document test results, track defects, and support resolution.
  • Create training materials (such as manuals, quick guides, and e-learning modules) and conduct the trainings.
  • Support change management activities for ORM module to ensure effective adoption.
  • Manage project delivery, budgets, risks, key stakeholders and communications with clients.
  • Supervise and coach junior consultants, reviewing work products to ensure quality and consistency.
  • Contribute to business development through proposals, client presentations, and thought leadership.

Your Role as a Leader

  • Build and lead diverse teams, providing coaching and development opportunities to junior staff.
  • Collaborate across service lines to deliver integrated solutions to clients.
  • Inspire confidence and trust in clients through strong stakeholder engagement and communication.
  • Drive superior outcomes by aligning project objectives with client strategic priorities.
  • Demonstrate integrity, accountability, and inclusive leadership values.

Qualifications

  • Bachelor’s or Master’s degree in Business Administration, Risk Management, Finance, Information Systems, or related field.
  • For Consultant level

    1–3 years of experience in GRC, Enterprise Risk Management, or Risk Advisory, preferably in the financial services sector.

    For Senior Consultant and Manager level

    5–8 years of experience in GRC, Enterprise Risk Management, or Risk Advisory, preferably in the financial services sector.

    • Strong knowledge of ERM frameworks (COSO ORM, ISO 31000) and regulatory standards (Basel II/III, BOT).
    • Experience with GRC platforms (RSA Archer, SAP GRC, MetricStream, or equivalent) is a plus.
    • Archer Certified Administrator (Specialist/Expert), ServiceNow CIS (Risk & Compliance), or equivalent certification is a plus.
    • Proficiency in business analysis, documentation, and stakeholder facilitation.
    • Strong problem-solving, analytical, and communication skills.
    • Professional certifications such as GRC, CISA, CRISC, CISM, CISSP are highly desirable.

 

Technical Skills

  • Exposure to GRC/IRM platforms such as Archer, ServiceNow, or MetricStream.
  • Understanding of workflows, reporting, and dashboard.
  • Proficiency in Microsoft Excel and PowerPoint for analysis and reporting.

 

Soft Skills

  • Strong client-facing skills with ability to influence and consult at management levels.
  • Excellent presentation, facilitation, and communication skills.
  • Team-oriented with a willingness to learn and adapt to dynamic client environments.
  • Ability to work in structured consulting environments with deadlines and deliverables.
  • Critical thinking, strong problem-solving and conflict resolution capabilities

 

Industry Focus: FSI

Exposure to banking, asset management, digital asset, insurance, and financial services risk and compliance processes. Understanding of significant risk and compliance domain for specific industry.

Requisition ID:  110810

In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.

Apply now »