Information Technology Risk & Compliance Manager

11 Jan 2024
New York, New York City 00000, USA

Vacancy expired!

Grant Thornton is seeking an Information Technology Risk & Compliance Manager to join the team. Approved office locations can be found below. The Information Technology Risk & Compliance Manager position will be an integral member of the Enterprise Transformation (ET) Governance team. This role will supervise the implementation of new information technology general controls and oversee ET’s risk and compliance infrastructure with the goal of safeguarding the firm’s assets and maintaining the confidentiality, integrity, and availability of information.

We are seeking a candidate with breadth and depth of experience as a recognized expert in delivering business value; identifying ET risk mitigation strategies; meeting compliance commitments; operating across a matrixed environment; supporting stakeholder engagement/education; and monitoring/reporting compliance metrics to leadership.

Essential Duties and Responsibilities:

Acting as the primary point of contact of all risk and compliance requests and responses for ET to various enterprise teams.

Interfacing with strategic stakeholders to implement best practices, system changes, and adherence to standards and processes.

Supporting the execution of front-line, general IT controls, attestations, and other risk mitigation activities (e.g., ad hoc controls review, business process management, risk control self-assessment, etc.) as needed.

Identifying potential compliance gaps (e.g., orphan/unimplemented controls and deficient/existing controls) and leading work streams needed to address them.

Establishing templates, processes, and procedures to support control implementation, i.e., partnering with stakeholders, including process owners, control owners, and subject matter experts, to document the tasks, procedures, responsibilities, etc. needed to support repeatable control performance.

Supporting the budgeting and cost analysis for new control implementation, as well as submitting and owning exception requests for control deviations.

Providing ongoing assessment of control effectiveness through regular monitoring and status reporting for control implementations, deficiencies, exceptions, audit findings, etc.

Working with InfoSec and ET project teams to ensure system designs are vetted for potential compliance conflicts before these designs are implemented.

Working with InfoSec and ET to create valid measures of control compliance, i.e., creating, maintaining, and communicating appropriate metrics to demonstrate compliance with information security requirements.

Supporting the testing of control design and the testing of control effectiveness for assigned areas as needed.

Coordinating with the InfoSec Audit Manager to support evidence requests and corrective action plans for audit findings.

Conducting regular meetings with stakeholders, providing ET compliance updates to management and other senior business leaders.

Supporting the following risk and compliance assessment activities:

PCAOB inspections

Internal quality inspections

ISO audits of information security and privacy management systems

Cyber audits conducted by Grant Thornton International

Peer reviews through AICPA

Peer reviews of ERM maturity

Others as assigned

Other duties as assigned.

Experience

Experience with information security risk management strategies, assessments, audits, and controls based on industry standard frameworks (i.e., NIST 800-53 and ISO 27001, 27017, & 27701).

Experience with regulatory requirements (i.e., HIPAA Security & Privacy Rules).

Experience using GRC tools and technologies in support of the assessment/audit process (RSA Archer, Security Scorecard, Risk Recon, etc.).

Experience gathering information from a range of different sources to help identify weaknesses in security controls.

Expertise with security control design, development, implementation, and monitoring.

Demonstrated experience across multiple information security domains preferred.

Qualifications

Bachelor's degree in Information Technology/Systems, Computer Science, Engineering or related field or equivalent work experience.

CISA, CRISC, CISM, or CISSP certifications (one or more) preferred.

Demonstrated advanced verbal and written communication skills.

Excellent organization skills and a self-motivated approach to learning.

The base salary range for this position in the firm’s Denver, CO office only is between $112,500 and $187,500 per year. The base salary range for this position in the firm’s Melville, NY, Bellevue, WA, Los Angeles, CA, San Diego, CA, and New York City (Manhattan) offices only is between $121,500 and $202,500 per year. The base salary range for this position in the firm’s San Francisco, CA and San Jose, CA offices only is between $129,400 and $215,600 per year.

Accepting applications on an ongoing basis.

About Us

At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. It’s what makes us different, and we think being different makes us better.

About the Team

The team you’re about to join is ready to help you thrive. Here’s how:

Whether it’s your work location, weekly schedule or unlimited flex time off, we empower you with the options to work in the way that best serves your clients and your life.

Here, you are supported to prioritize your overall well-being through work-life integration options that work best for you and those in your household.

We understand that your needs, responsibilities and experiences are different — and we think that’s a good thing. That’s why we support you with personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations that make you, well, you. See how at www.gt.com/careers

When it comes to inclusion, we are committed to doing more than checking boxes. Explore all the ways we’re taking action for diversity, equity & inclusion at www.gt.com/careers

Here’s what you can expect next:

If you apply and are selected to interview, a Grant Thornton team member will reach out to you to schedule a time to connect.

We encourage you to also check out other roles that may be a good fit for you or get to know us a little bit better at www.gt.com/careers.

Benefits:

We understand that your needs, responsibilities and experiences are different, and we think that’s a good thing. That’s why we support you with personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations that make you, well, you. For an overview of our benefit offerings, please visit: https://www.grantthornton.com/careers/rewards-and-benefits

Benefits for internship positions: Grant Thornton interns are eligible to participate in the firm’s medical, dental and vision insurance programs and the firm’s employee assistance program. Interns also receive a minimum of 72 hours of paid sick leave, and are paid for firm holidays that fall within their internship period.

Benefits for seasonal employee positions: Grant Thornton seasonal employees are eligible to participate in the firm’s medical, dental and vision insurance programs and the firm’s employee assistance program. Seasonal employees may also be eligible to participate in the firm’s 401(k) savings plan and employee retirement plan in accordance with applicable plan terms and eligibility requirements. Seasonal employees receive a minimum of 72 hours of paid sick leave.

Grant Thornton employees may be eligible for a discretionary, annual bonus based on individual and firm performance, subject to the terms, conditions and eligibility criteria of the applicable bonus plan or program. Interns and seasonal employees are not eligible for bonus compensation.

Additional Details:

It is the policy of Grant Thornton to promote equal employment opportunities. All personnel decisions (including, but not limited to, recruiting, hiring, training, working conditions, promotion, transfer, compensation, benefits, evaluations, and termination) are made without regard to race, color, religion, national origin, sex, age, marital or civil union status, pregnancy or pregnancy-related condition, sexual orientation, gender identity or expression, citizenship status, veteran status, disability, handicap, genetic predisposition or any other characteristic protected by applicable federal, state, or local law.

Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of Grant Thornton LLP to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. To make an accommodation request, please contact ColleagueSupportSpecialists@us.gt.com.

For Los Angeles Applicants only: We will consider for employment all qualified Applicants, including those with Criminal Histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.
