Manager, Information Security & Risk Management

Company: Grant Thornton LLP
Location: Raleigh
Posted on: June 25, 2022

Job Description:

ICS - Manager, Risk Management, Information Security & Risk Management + The Manager, Risk Management, Information Security position will be an integral member of the Information Security and Risk Management team. This role will be responsible for design, development, implementation and monitoring of risk management program. Work in Chief Information Security Officer (CISO) office under Associate Director, Information Security Governance, Risk and Compliance, this role serves as an information security technology professional for Grant Thornton to support the design, implementation, and maintenance of a cohesive information security governance, risk and compliance program. The successful candidate will have a good mix of deep technical knowledge, understanding of industry best practice, frameworks and regulations, and a demonstrated background in information security risk management program. + An experienced and motivated risk and compliance individual contributor is needed to work across a matrixed team in place today and growing in the future. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross discipline projects. The ideal candidate: + is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve. + possesses strong business judgment, deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies. + possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills are important attributes to succeed in this role. + global view of their business and think in terms of immediate problem solving but also automating, expanding, and scaling solutions broadly. + thinks strategically at a global level and effectively develop key processes, procedures and communications that facilitate cross-functional implementation of risk management processes and risk reporting. Responsibilities: + Develop the information security risk management framework and risk appetite + Collaborate and partner with Enterprise Risk Management function to gain alignment and advance the program + Perform information security risk assessments across a variety of platforms and applications + Prepare risk reports, facilitate risk treatment by proposing remediation/mitigating controls and recommendations to business stakeholders; prepare risk register to monitor and track risks . + Assess exposure to risk, measure operational risk against ERM frameworks, assist in establishing policies and procedures to minimize risk, identify ways to protect the organization from data loss and reputational damage + Support iterative review of assessment results, working with appropriate stakeholders across the lines of defense + Perform and facilitate the collection, review, and assimilation of risk assessment data and reporting into concise and meaningful reports/dashboards for leadership + Establish policy exception process + Ensure compliance with security policies and standards + Establish risk reporting and escalation processes + Remain up to date with emerging threats, best practices and relevant legislation + Work and communicate hand-in-hand with both external and internal stakeholders on critical issues that are directly impacting the business. + Contribute to the development of scalable models and tools that speed up both decision making and accuracy for the organization. + Meet with stakeholders to gather and integrate feedback and evangelize the program + Create metrics and measure progress and compliance. Take leading role in drafting and presenting deep-dive documents, including responses to senior executives. + Provide supply chain security assessment remediation oversight. Experience + Experience with information security risk management framework, assessment, audit and controls based on industry standard frameworks (i.e. NIST; ISO; COSO; HiTrust, FAIR) + Experience with regulatory requirements (i.e. PCI; GDPR; HIPPA; Privacy; CCPA; etc.) + Experience using GRC tools and technologies in support of the assessment/audit process (RSA Archer, Security Scorecard, Bitsight , etc.) + Experience gathering information from a range of different sources to help identify weaknesses in security controls + Expert with security control design, development, implementation, and monitoring + Demonstrated experience across multiple information security domains preferred Qualifications + Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience + CISA, CRISC, CISM, or CISSP certifications (one or more) preferred + Demonstrated advanced verbal and written communication skills + Excellent organization skills and be a self-motivated learne r + Hands-on experience building out Information Security risk management program (including supply chain risk management) About UsAt Grant Thornton, we believe in making business more personal and building trust into every result - for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. It's what makes us different, and we think being different makes us better.About the TeamThe team you're about to join is ready to help you thrive. Here's how: --- Whether it's your work location, weekly schedule or unlimited flex time off, we empower you with the options to work in the way that best serves your clients and your life. --- Here, you are supported to prioritize your overall well-being through work-life integration options that work best for your and those in your household. --- We understand that your needs, responsibilities and experiences are different - and we think that's a good thing. That's why we support you with personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations that make you, well, you. See how at www.gt.com/careers --- When it comes to inclusion, we are committed to doing more than checking boxes. Explore all the ways we're taking action for diversity, equity & inclusion at www.gt.com/careers Here's what you can expect next: If you apply and are selected to interview, a Grant Thornton team member will reach out to you to schedule a time to connect. We encourage you to also check out other roles that may be a good fit for you or get to know us a little bit better at www.gt.com/careers. Additional Details: Grant Thornton requires personnel to be fully vaccinated against COVID-19 in order to visit/enter firm offices, to visit/enter client or prospective client sites or facilities, or to attend in-person firm or client-sponsored events, subject to any medical, religious or other accommodations under the law. Personnel who are not fully vaccinated and who do not have an approved accommodation will be required to work remotely and will not be permitted to work on-site or to attend in-person events and functions until further notice. Grant Thornton collects, uses and maintains vaccination-related data in accordance with its Privacy Policy, Personnel Privacy Notice, and applicable laws and regulations. It is the policy of Grant Thornton to promote equal employment opportunities. All personnel decisions (including, but not limited to, recruiting, hiring, training, working conditions, promotion, transfer, compensation, benefits, evaluations, and termination) are made without regard to race, color, religion, national origin, sex, age, marital or civil union status, pregnancy or pregnancy-related condition, sexual orientation, gender identity or expression, citizenship status, veteran status, disability, handicap, genetic predisposition or any other characteristic protected by applicable federal, state, or local law. Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of Grant Thornton LLP to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. To make an accommodation request, please contact ColleagueSupportSpecialists@us.gt.com. For Los Angeles Applicants only: We will consider for employment all qualified Applicants, including those with Criminal Histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.

Keywords: Grant Thornton LLP, Raleigh , Manager, Information Security & Risk Management, Executive , Raleigh, North Carolina