Audit Manager - Information Security and Risk Management
Dublin, Ireland
Grant Thornton Ireland
We deliver solutions to all business challenges. Clients choose us because the breadth of financial and business services they need is available, delivered innovatively and always to the highest standards.
Audit Manager, Information Security & Risk Management
We are Grant Thornton. We go beyond business as usual, so you can too.
Grant Thornton Ireland (GT) has nearly 3,000 people in 9 offices across Ireland, the Isle of Man, Gibraltar, and Bermuda, with a presence in over 149 countries around the world, and a global network of over 68,000 people.
At GT, we work as trusted advisors, bringing local knowledge and national expertise, with a global presence, to help businesses succeed – wherever they are located. We make business more personal by investing in building relationships and empowering our clients to make the right decisions for their organisation now and for the future. Whether that is working with the public sector to build thriving communities, with regulators and financial institutions to build trust, or with a diverse range of businesses to help them achieve their goals, Grant Thornton Ireland work hard to support clients to act on the issues that matter.
At GT Ireland we don’t just predict your future, we build it.
A Career at GT
Looking for a more fulfilling role in professional services? One where fresh thinking, collaboration and diversity are valued? At Grant Thornton we do things differently.
What does this mean for you?
A career in a more inclusive working environment, a more collaborative work culture, a more supported, flexible working role, more possibilities to grow and more opportunities to help shape the future for your clients. We respect and value your experience. And we want you to bring your authentic self to work and be at your best. It is how it should be.
Grow with us
At Grant Thornton, we care about our people and work hard to make you feel valued. If you are looking to deepen and develop your skills, knowledge, and experience throughout your career, then that is what you will get, and more.
The Audit Manager, Information Security position will be an integral member of the Information Security and Risk Management team. This role will be responsible for organizing and managing internal and external audits. Working in the Chief Information Security Officer (CISO) office under the Director, Information Security Governance, Risk and Compliance, this role serves as an information security technology professional for Grant Thornton to support the design, implementation, and maintenance of a cohesive information security governance, risk and compliance program. The successful candidate will have a good mix of deep technical knowledge, understanding of industry best practice, frameworks and regulations, and a demonstrated background in information security risk management programs.
An experienced and motivated risk and compliance individual contributor is needed to work across a matrixed team in place today and growing in the future. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross discipline projects.
Roles and Responsibilities:
Develop audit program and plans, determine scope of audit coverage, and organize and manage internal and external audit engagements.
Oversee the process of audits, making recommendations on policies, and ensuring that the organization fulfills compliance obligations.
Coordinates and/or performs audit work, reviews audit reports prior to formal release, reviews management responses and reviews supporting workpapers to ensure reports are properly supported.
Identifies factors causing deficient conditions and provides constructive, economical, and practical recommendations for audit findings. Drafts recommendations for management responses and corrective action plans.
Support iterative review of assessment results, working with appropriate stakeholders across the lines of defense.
Follows up to determine adequacy and implementation of corrective actions.
Identify and manage implementation of new compliance requirements/controls that are introduced by changes to regulations/standards/frameworks (new compliance requirements introduced per changes to ISO 27001, SOC 2, NIST 800-53, NIST CSF, GDPR).
Participate and provide input during policy annual reviews.
Educate control owners to submit risks/exceptions and support risk assessments.
Design automated and manual control testing methods.
Conduct compliance assessments and internal control testing of critical business processes, critical information systems/assets (technology/application) and processes to evaluate design and operating effectiveness of controls, and proactively prepare stakeholders for external audits.
Participate in policy reviews and provide meaningful feedback; facilitate policy operationalization.
Establishes and maintains effective working relationships with Control Owners and Control Operators.
Support and advise Control Owners and Control Operators to:
build programs based on the principles of compliance-by-design and security-by-design
proactively collect evidence for audits using the GRC tool
validate evidence for sufficiency per control requirements
remediate findings
Create collateral to promote a culture of compliance aligned to the firm’s risk tolerance.
Contribute to the development of scalable models and tools that speed up both decision making and accuracy for the organization.
Assimilate risk and compliance assessment/audit data into concise and meaningful reports/dashboards for leadership.
Skills and Attributes:
is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
possesses strong business judgment, deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills, all important attributes to succeed in this role. The successful candidate will develop strong relationships, collaborate across teams, coordinate multiple timelines, and manage complex, cross-discipline projects.
has a global view of the business and thinks in terms of immediate problem solving but also of automating, expanding, and scaling solutions broadly.
thinks strategically at a global level and effectively develops key processes, procedures and communications that facilitate cross-functional implementation of compliance management processes and compliance reporting.
Experience with information security frameworks, industry standards (i.e., NIST 800-53; ISO 27001, ISO 27017, COSO, HITRUST)
Experience with regulatory requirements (i.e., GDPR etc.)
Experience performing IT audits and control testing
Experience using GRC tools and technologies in support of the assessment/audit process
Experience gathering information from a range of different sources to help identify weaknesses in security controls
Expert with security control design, development, implementation, and monitoring
Demonstrated experience across multiple information security domains preferred
Qualifications:
Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
CISA, CRISC, CISM, or CISSP certifications (one or more) preferred
Demonstrated advanced verbal and written communication skills
Excellent organization skills and a self-motivated approach to learning
Life at GT
Reward and benefits:
Our reward and benefits are designed to create an environment where our people can flourish. We are committed to building a culture where our people have access to the necessary benefits to help promote a healthy lifestyle and thrive.
Equity, diversity and inclusion
At Grant Thornton, we provide equitable opportunities for all our colleagues. We are a responsible, sustainable business where equity, diversity and inclusion (ED&I) is at the forefront of our workplace culture agenda, and today, we continue to build and develop on our existing ED&I structure and strategy to meet our workplace culture needs. People are at the heart of our business and teams built with varied backgrounds, racial differences, cultures, sexual orientations, religious orientations, ages, gender identities, abilities and family types present diverse viewpoints, which need to be heard and valued.
We are all at our best when we are able to be ourselves and we view integrity and authenticity as integral values to bring to our day-to-day work-life at the firm. We are excited to see the personality and perspectives you will bring to our team because we know we will all benefit from them. Diversity of thought, background and experience enables better decision-making, improves the quality of our delivery, and helps us to meet the needs of our clients. Our firm is built on people and their ideas, so we want to hear all the new perspectives and fresh thinking you have to offer. You form the bedrock of our firm’s best-practice principles and we will champion you as leaders from day one.
Recognition:
We want to create a culture of recognition and celebrating success, by saying thank you to people who surpass our expectations and recognising the right values and behaviours. Our Shout Out recognition scheme is our way of highlighting and promoting achievements. Whether you simply want to say thank you, celebrate a special occasion or give an award for doing something exceptional, you can do all of this and more through the scheme.
Tags: Audits CISA CISM CISO CISSP Compliance Computer Science CRISC GDPR Governance HITRUST ISO 27001 Monitoring NIST NIST 800-53 Risk assessment Risk management SOC SOC 2 Strategy
Perks/benefits: Career development Equity / stock options Flex hours