Life at Deloitte

Technology Risk & Controls

Student opportunities in Risk Advisory

Within TRC we provide technology, risk and control assurance and advisory services to a range of industries. Our work is often driven by regulation, investigations or ongoing assurance requirements. Major buyers of our services include IT Risk Managers, Heads of Internal Audit or IT Internal Audit, Compliance, CIOs, CISOs and business heads.

We have a number of specialist teams within TRC with substantial experience supporting our clients navigate the pressures of unprecedented regulatory scrutiny, extensive and interdependent organisational change programmes and increasing demands from the Board. For example, our IT Risk Management specialists work alongside our clients to understand and address their challenges in relation to managing Technology Risk. Typical engagements include operating model design for Technology Risk functions and the design and implementation of technology risk management frameworks and supporting services.

Our Cyber Risk practice works with clients to help assess their cyber security, define their cyber risk appetite and help develop their threat analysis and monitoring, cyber controls and ability to effectively recover from a cyber-attack. By nature of the fast-moving and multi-disciplinary nature of responding to cyber threats, our cyber risk specialists work closely with a range of other experts throughout Deloitte.

In our London office, we also have a team of Resilience specialists with a wealth of experience in risk, resilience and readiness. We help clients become more resilient and better prepared to deal with incident and crisis events – enabling them to continue to serve their customers, protect their people and support the communities they supply. Our experience comes from years of helping clients across the full lifecycle of resilience to plan and prepare for the ‘headline’ risks, rehearsing their responses to challenging situations and conducting post-event reviews to identify lessons to be learnt.

What work would you get involved in?

We offer our graduates a wide variety of career paths that include working with the largest corporate house-hold names to smaller clients in niche or emerging industries. Depending on the path you wish to take, our graduates can specialise in a broad range of business or technological competencies.

On a day to day basis you will be expected to assist with a number of tasks, including; conducting stakeholder interviews, drafting documentation, identifying key risks, mapping controls and assessing their effectiveness. You will liaise directly with clients and work closely with the TRC team members as well as other teams within Deloitte’s Risk Advisory practice to deliver engagements.

What training are on offer to a graduate joining?

As a graduate in the TRC team, you will undertake an intensive 6 week course upon joining the firm, providing you with the fundamental skills and knowledge required for the role. We also offer the ACA qualification to all graduates joining the team should you wish to study towards the Chartered Accountant standard.

During your early years with the firm, your development needs will be proactively supported and you will have the opportunity to undertake additional training and where possible achieve certification for a range of relevant topics, including Business Continuity, COBIT, ISO 27001 (Information Security) certification and Prince 2.

As part of the on boarding process, you will also be assigned a buddy (a former graduate) who will be available to answer any questions, queries or issues you have before joining us and also to support you in your first year with the firm.

Example of a project that a graduate could work on

A 1st year graduate was tasked, as part of a small engagement team, to conduct an assessment of General IT Controls in place at a client. This engagement was where the TRC team assess controls on the behalf of Financial Audit who look to place assurance over the audit-critical systems. The tasks undertaken included:

  • Understanding and documenting the IT environment in place at the client site to better understand the interfaces between systems and flow of data.
  • Assessing the effectiveness of access security, change control and network operation controls in place.
  • Identifying sources of mitigation for issues unearthed whilst testing controls.


Did you find this useful?