Senior Associate, Information Security & Risk Management
Information Security & Risk Management Senior Associate
We are Grant Thornton. We go beyond business as usual, so you can too.
Grant Thornton Ireland has nearly 3,000 people in 9 offices across Ireland, The Isle of Man, Gibraltar, and Bermuda, with a presence in over 145 countries around the world, and a global network of over 68,000 people.
We work as trusted advisors, bringing local knowledge and national expertise, with a global presence, to help businesses succeed – wherever they are located.
This role will be an integral member of our Governance, Risk & Compliance team.
The candidate will organize and manage evidence for external audits, working in the Chief Information Security Officer (CISO) office under Director, Information Security Governance, Risk and Compliance.
Responsibilities include managing and responding to client security questionnaires, audits, and assessments related to our organization's information security posture.
This involves working closely with internal teams, clients, and external auditors to ensure our security practices align with industry standards and client requirements.
The ideal candidate:
* is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
* possesses strong business judgment, deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
* possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills are important attributes to succeed in this role.
* has a global view of their business and thinks in terms of immediate problem solving while also automating, expanding, and scaling solutions broadly.
Key Responsibilities:
Governance:
* Participate in development of IT & Security policies, standards, and controls.
* Develop and implement procedures and processes in area of ownership.
* Participate in annual control attestation.
* Measure and report on security metrics and key performance indicators.
* Respond to cyber insurance questionnaires based on implemented security controls, certifications, and policies.
Risk & Compliance Management:
* Conduct security risk assessments to identify and mitigate risks.
* Collaborate with internal teams to design and implement mitigation strategies for identified risks.
* Manage responses to client security questionnaires in a timely and accurate manner.
* Serve as the main point of contact for clients regarding security and IT-related audit inquiries and responses.
* Prepare and provide evidence for security audits, ensuring all documentation is complete and accurate.
* Identify opportunities to improve the efficiency and effectiveness of client questionnaire responses and audit processes.
* Continuously improve the organization's internal audit and compliance processes to meet client expectations.
* Provide recommendations to management regarding areas of improvement in security practices and compliance.
Requirements:
* 5+ years of experience in information security, with a focus on audit management.
* Experience with responding to security questionnaires and managing client audits.
* Familiarity with compliance frameworks such as NIST, ISO 27001, and others.
* Demonstrated advanced verbal and written communication skills.
* Excellent project management and organizational skills, with the ability to handle multiple audits and client requests simultaneously.
* Bachelor's degree in information security, Cybersecurity, Computer Science, Engineering or related field or equivalent work experience.
* CISA, CRISC, CISM, or CISSP certifications (one or more) preferred.
Life at Grant Thornton
Reward and benefits:
Our reward and benefits are designed to create an environment where our people can flourish.
Equity, diversity and inclusion
We provide equitable opportunities for all our colleagues.
Recognition:
We want to create a culture of recognition and celebrating success.