Manager, Information Security & Risk Management
Company: Grant Thornton LLP
Location: Raleigh
Posted on: June 25, 2022
Job Description:
ICS - Manager, Risk Management, Information Security & Risk Management
+ The Manager, Risk Management, Information Security position will be an integral member of the Information Security and Risk Management team. This role will be responsible for the design, development, implementation and monitoring of the risk management program. Working in the Chief Information Security Officer (CISO) office under the Associate Director, Information Security Governance, Risk and Compliance, this role serves as an information security technology professional for Grant Thornton to support the design, implementation, and maintenance of a cohesive information security governance, risk and compliance program. The successful candidate will have a good mix of deep technical knowledge, understanding of industry best practices, frameworks and regulations, and a demonstrated background in information security risk management programs.
+ An experienced and motivated risk and compliance individual contributor is needed to work across a matrixed team in place today and growing in the future. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross-discipline projects.
The ideal candidate:
+ is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
+ possesses strong business judgment and deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
+ possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills, which are important attributes to succeed in this role.
+ has a global view of their business and thinks in terms of immediate problem solving but also automating, expanding, and scaling solutions broadly.
+ thinks strategically at a global level and effectively develops key processes, procedures and communications that facilitate cross-functional implementation of risk management processes and risk reporting.
Responsibilities:
+ Develop the information security risk management framework and risk appetite
+ Collaborate and partner with the Enterprise Risk Management function to gain alignment and advance the program
+ Perform information security risk assessments across a variety of platforms and applications
+ Prepare risk reports, facilitate risk treatment by proposing remediation/mitigating controls and recommendations to business stakeholders; prepare a risk register to monitor and track risks.
+ Assess exposure to risk, measure operational risk against ERM frameworks, assist in establishing policies and procedures to minimize risk, identify ways to protect the organization from data loss and reputational damage
+ Support iterative review of assessment results, working with appropriate stakeholders across the lines of defense
+ Perform and facilitate the collection, review, and assimilation of risk assessment data and reporting into concise and meaningful reports/dashboards for leadership
+ Establish a policy exception process
+ Ensure compliance with security policies and standards
+ Establish risk reporting and escalation processes
+ Remain up to date with emerging threats, best practices and relevant legislation
+ Work and communicate hand-in-hand with both external and internal stakeholders on critical issues that are directly impacting the business.
+ Contribute to the development of scalable models and tools that speed up both decision making and accuracy for the organization.
+ Meet with stakeholders to gather and integrate feedback and evangelize the program
+ Create metrics and measure progress and compliance. Take a leading role in drafting and presenting deep-dive documents, including responses to senior executives.
+ Provide supply chain security assessment remediation oversight.
Experience
+ Experience with information security risk management framework, assessment, audit and controls based on industry standard frameworks (e.g. NIST; ISO; COSO; HITRUST; FAIR)
+ Experience with regulatory requirements (e.g. PCI; GDPR; HIPAA; Privacy; CCPA; etc.)
+ Experience using GRC tools and technologies in support of the assessment/audit process (RSA Archer, SecurityScorecard, Bitsight, etc.)
+ Experience gathering information from a range of different sources to help identify weaknesses in security controls
+ Expert with security control design, development, implementation, and monitoring
+ Demonstrated experience across multiple information security domains preferred
Qualifications
+ Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
+ CISA, CRISC, CISM, or CISSP certifications (one or more) preferred
+ Demonstrated advanced verbal and written communication skills
+ Excellent organization skills and a self-motivated learner
+ Hands-on experience building out an Information Security risk management program (including supply chain risk management)
About Us
At Grant Thornton,
we believe in making business more personal and building trust into every result - for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. It's what makes us different, and we think being different makes us better.
About the Team
The team you're about to join is ready to help you thrive. Here's how:
+ Whether it's your work location, weekly schedule or unlimited flex time off, we empower you with the options to work in the way that best serves your clients and your life.
+ Here, you are supported to prioritize your overall well-being through work-life integration options that work best for you and those in your household.
+ We understand that your needs, responsibilities and experiences are different - and we think that's a good thing. That's why we support you with personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations that make you, well, you. See how at www.gt.com/careers
+ When it comes to inclusion, we are committed to doing more than checking boxes. Explore all the ways we're taking action for diversity, equity & inclusion at www.gt.com/careers
Here's what you can expect next:
If you apply and are selected to interview, a Grant Thornton team member will reach out to you to schedule a time to connect. We encourage you to also check out other roles that may be a good fit for you or get to know us a little bit better at www.gt.com/careers.
Additional Details:
Grant Thornton requires personnel to be fully vaccinated against COVID-19 in order to visit/enter firm offices, to visit/enter client or prospective client sites or facilities, or to attend in-person firm or client-sponsored events, subject to any medical, religious or other accommodations under the law. Personnel who are not fully vaccinated and who do not have an approved accommodation will be required to work remotely and will not be permitted to work on-site or to attend in-person events and functions until further notice. Grant Thornton collects, uses and maintains vaccination-related data in accordance with its Privacy Policy, Personnel Privacy Notice, and applicable laws and regulations.
It is the policy of Grant Thornton to promote equal employment opportunities. All personnel decisions (including, but not limited to, recruiting, hiring, training, working conditions, promotion, transfer, compensation, benefits, evaluations, and termination) are made without regard to race, color, religion, national origin, sex, age, marital or civil union status, pregnancy or pregnancy-related condition, sexual orientation, gender identity or expression, citizenship status, veteran status, disability, handicap, genetic predisposition or any other characteristic protected by applicable federal, state, or local law.
Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of Grant Thornton LLP to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. To make an accommodation request, please contact ColleagueSupportSpecialists@us.gt.com.
For Los Angeles Applicants only: We will consider for employment all qualified Applicants, including those with Criminal Histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.
Keywords: Grant Thornton LLP, Raleigh, Manager, Information Security & Risk Management, Executive, Raleigh, North Carolina