The Security Risk & Controls Sr. Associate position will be an integral member of the Information Security and Risk Management team.
The Senior Associate will support the firm's information security program by designing and monitoring controls to ensure compliance with internal policies, regulatory requirements, and industry standards. This role partners with cross-functional teams and auditors to maintain a strong security and compliance posture.
This role will be responsible for the design, development, implementation and monitoring of security controls to identify and mitigate information security risk related to data protection and third-party suppliers. Working in the Chief Information Security Officer (CISO) office under the Director, Information Security Governance, Risk and Compliance, this role serves as an information security technology professional for Grant Thornton to support the design, implementation, and maintenance of a cohesive security operations/monitoring solution for data security risk and controls. The successful candidate will have a good mix of deep technical knowledge, an understanding of industry standards and controls, and a demonstrated background in information security risk management programs.
An experienced and motivated risk and compliance individual contributor is needed to work across a matrixed team that is in place today and will grow in the future. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross-discipline projects.
The ideal candidate is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
The candidate possesses strong business judgment and deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
Strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills are important attributes to succeed in this role.
The candidate has a global view of the business and thinks in terms of immediate problem solving but also of automating, expanding, and scaling solutions broadly.
The candidate thinks strategically at a global level and effectively develops key processes, procedures and communications that facilitate cross-functional implementation of risk management processes and risk reporting.
Skills:
Responsibilities:
Controls Design & Implementation
Develop, document, and maintain security controls aligned to ISO 27001, SOC 2, NIST CSF, and applicable regulatory frameworks.
Perform crosswalks between industry-standard frameworks and internal control sets.
Ensure alignment of external requirements with enterprise governance structure.
Own and manage controls at the implementation level, including updates for new business processes or acquisitions.
Identify and integrate relevant controls for mergers, acquisitions, and new entities into the enterprise control framework.
Assess impact of organizational changes on security controls and compliance posture.
Collaborate with integration teams to ensure security governance during onboarding of new acquisitions.
Assist in risk assessments and recommend remediation for control gaps.
Map evidence tasks to specific controls for audits and compliance reporting.
Maintain traceability between control objectives, evidence artifacts, and regulatory requirements.
Audit & Compliance Management
Plan and execute internal control testing and evidence collection for external audits (e.g., SOC 2, ISO, ITGC).
Support the testing of control design and the testing of control effectiveness for assigned areas as needed.
Track remediation plans and validate closure of findings.
Policy & Procedure Governance
Maintain and update security controls supporting policies, standards, and procedures.
Ensure version control and formal approval processes are followed.
Stakeholder Collaboration
Work with IT and business units to implement corrective actions.
Provide guidance on security requirements for new projects.
Reporting & Metrics
Prepare dashboards and management reports on control effectiveness and key risk indicators.
About Company:
'Grant Thornton INDUS' comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd. Grant Thornton INDUS is the shared services center supporting the operations of Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd. Established in 2012, Grant Thornton INDUS employs professionals across a wide range of disciplines including Tax, Audit, Advisory, and other operational functions. What sets us apart isn't just what we do - it's how we do it. We support and enable the firm's purpose of making business more personal and building trust into every result. We're collaborators - obsessed with quality and ready for anything - who understand the value of strong relationships. Our professionals are well integrated to seamlessly support the U.S. engagement teams, help increase Grant Thornton's access to a wide talent pool, and improve operational efficiencies. Empowered people, bold leadership, and distinctive client service are imbibed in the culture at Grant Thornton INDUS. We are a transparent, competitive, and excellence-driven firm that offers an opportunity to be part of something significant. In addition, professionals at Grant Thornton INDUS serve communities in India through inspirational and generous services to give back to the communities they work in. Grant Thornton INDUS has its offices in two locations in India - Bengaluru and Kolkata