Risk Management Senior Associate

Bangalore, Karnataka, India

Job Description

The Senior Associate, Risk Management, Information Security position will be an integral member of the Information Security and Risk Management team. This role will be responsible for the design, development, implementation and monitoring of the risk management program. Working in the Chief Information Security Officer (CISO) office under the Director, Information Security Governance, Risk and Compliance, this role serves as an information security technology professional for Grant Thornton to support the design, implementation, and maintenance of a cohesive information security governance, risk and compliance program. The successful candidate will have a good mix of deep technical knowledge, an understanding of industry best practices, frameworks and regulations, and a demonstrated background in information security risk management programs.
An experienced and motivated risk and compliance individual contributor is needed to work across a matrixed team that is in place today and will grow in the future. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross-discipline projects.
The ideal candidate:
  • is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
  • possesses strong business judgment and deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
  • possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills, all important attributes for succeeding in this role.
  • has a global view of the business and thinks in terms of immediate problem solving as well as automating, expanding, and scaling solutions broadly.
  • thinks strategically at a global level and effectively develops key processes, procedures and communications that facilitate cross-functional implementation of risk management processes and risk reporting.
Responsibilities:
  • Perform information security risk assessments across a variety of platforms and applications
  • Prepare risk reports; facilitate risk treatment by proposing remediation/mitigating controls and recommendations to business stakeholders; prepare a risk register to monitor and track risks.
  • Assess exposure to risk, measure operational risk against the InfoSec Risk Management framework, assist in establishing policies and procedures to minimize risk, and identify ways to protect the organization from data loss and reputational damage.
  • Support iterative review of assessment results, working with appropriate stakeholders across the lines of defense.
  • Perform and facilitate the collection, review, and assimilation of risk assessment data and reporting into concise and meaningful reports/dashboards for leadership
  • Ensure compliance with security policies and standards.
  • Establish risk reporting and escalation processes.
  • Remain up to date with emerging threats, best practices and relevant legislation
  • Work and communicate hand-in-hand with both external and internal stakeholders on critical issues that are directly impacting the business.
  • Contribute to the development of scalable models and tools that speed up both decision making and accuracy for the organization.
  • Meet with stakeholders to gather and integrate feedback and evangelize the program.
  • Create metrics and measure progress and compliance. Take a leading role in drafting and presenting deep-dive documents, including responses to senior executives.
Experience
  • Experience with information security risk management frameworks, assessment, audit and controls based on industry-standard frameworks (e.g. NIST, ISO, COSO, HITRUST, FAIR)
  • Experience with regulatory requirements (e.g. PCI, GDPR, HIPAA, Privacy, CCPA, etc.)
  • Experience using GRC tools and technologies in support of the assessment/audit process (OneTrust, ServiceNow, etc.)
  • Experience gathering information from a range of different sources to help identify weaknesses in security controls
  • Demonstrated experience across multiple information security domains (preferred).
Qualifications
  • Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
  • CISA, CRISC, CISM, or CISSP certifications (one or more) preferred
  • Demonstrated advanced verbal and written communication skills
  • Excellent organizational skills and a self-motivated approach to learning
  • Hands-on experience building out an Information Security risk management program (including supply chain risk management)
Skills:
Information Security Risk Management, Governance Risk and Compliance (GRC), NIST CSF, ISO 27001, COSO ERM, HITRUST, FAIR Risk Quantification, Regulatory Compliance (PCI DSS, GDPR, HIPAA, CCPA), Risk Assessment and Reporting, Risk Register Management, Risk Treatment and Remediation, Supply Chain Risk Management, Security Policy Development, Audit and Controls, GRC Tools (OneTrust, ServiceNow), Metrics and Dashboard Reporting, Vulnerability and Threat Analysis, Data Protection Strategies, Incident Response Interfaces, Technical Control Design, Cloud and On-Prem Risk Assessment, Stakeholder Communication, Executive Reporting, Project Coordination, Analytical Thinking, Business Judgment, Process Automation, Documentation and Evidence Management, CISA Certification, CRISC Certification, CISM Certification, CISSP Certification
About Company:
'Grant Thornton INDUS' comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd. Grant Thornton INDUS is the shared services center supporting the operations of Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd. Established in 2012, Grant Thornton INDUS employs professionals across a wide range of disciplines including Tax, Audit, Advisory, and other operational functions. What sets us apart isn't just what we do - it's how we do it. We support and enable the firm's purpose of making business more personal and building trust into every result. We're collaborators - obsessed with quality and ready for anything - who understand the value of strong relationships. Our professionals are well integrated to seamlessly support the U.S. engagement teams, help increase Grant Thornton's access to a wide talent pool, and improve operational efficiencies. Empowered people, bold leadership, and distinctive client service are imbibed in the culture at Grant Thornton INDUS. We are a transparent, competitive, and excellence-driven firm that offers an opportunity to be part of something significant. In addition, professionals at Grant Thornton INDUS serve communities in India through inspirational and generous services to give back to the communities they work in. Grant Thornton INDUS has its offices in two locations in India - Bengaluru and Kolkata.

Job Detail

  • Job Id: JD4990952
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: Bangalore, Karnataka, India
  • Education: Not mentioned
  • Experience: Year