What are the responsibilities and job description for the Cyber Security Director position at Grant Thornton?
Role Description:
Grant Thornton is looking for a Director, Cybersecurity, a leadership role providing security operations leadership and oversight of both internal and external resources.
This role will report to the CISO and is expected to be a strategic and tactical leader: managing managed security services and operations, bringing experience with security tools and technologies, and mentoring team members while partnering with other firm leaders to develop, implement and maintain effective cybersecurity processes across the organization.
The ideal candidate is:
- a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements expand.
- a technical security thought leader experienced in working with managed service providers.
- able to manage competing priorities, available and committed to support ever-changing business needs, and in possession of strong interpersonal relations and management skills.
Required Skills and Experience:
- Ownership and oversight for the implementation and operation of GT’s cybersecurity programs and security tools, technologies, solutions, and methodologies.
- Ensure managed security service provider is adhering to contract requirements and service level agreements.
- Assist with the assessment of existing security tools and recommend options for optimization.
- Provide support to business partners in various audit and regulatory activities.
- Participate in and lead discussions to drive security controls in design and architecture of the IT infrastructure and applications.
- Leverage existing KPIs and define and manage new KPIs in order to appropriately manage outsourcing risk.
- Develop and maintain appropriate response playbooks, facilitate routine tabletop exercises, and ensure a sound communication process for all cyber events.
- Research and benchmark industry leading security practices and tools, validating the GT environment is protected with leading security solutions and services.
- Develop and implement security standards, processes and procedures, and guidelines for the security operations processes and functions.
- Lead a team of IT security resources to ensure security program objectives and goals are met, including incident management, vulnerability management, network security, endpoint security, and identity and access management.
- Actively participate in, lead, and own advisory work on cybersecurity matters to ensure appropriate levels of security are integrated in process designs and architecture.
- Collaborate and manage relationships with various teams across the firm: External Client Services (ECS) and Internal Client Services (ICS) service lines, managed service providers, and cybersecurity tool vendors.
- Maintain professional and technical knowledge by attending educational workshops, reading professional publications, establishing personal networks, and participating in professional societies.
Qualifications - External
- BS or MA in Computer Science, Cybersecurity, or a related field (e.g., IT Audit, Enterprise Risk Management, etc.) or equivalent work experience.
- Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM).
- 15 years working within cybersecurity to manage security operations functions.
- 5 years of progressive experience working in the information security space with demonstrated lead/leadership roles.
- Strong knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA and deep knowledge and understanding of relevant legal and regulatory requirements/standards applicable to the firm.
- Experience managing multiple, simultaneous, and high-profile information security initiatives.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgement and maturity.
- Exhibit strong written and verbal communication skills, interpersonal and collaborative skills with the ability to collaborate with all parts and levels of the organization.
- Demonstrated experience and in-depth knowledge of IT, information security and cybersecurity.
- Ability to influence cross-functional team members without a direct reporting relationship.
- Ability to advise and influence both senior IT and business leaders as well as technical staff from all IT disciplines.
- Ability to manage a team of resources, both internal and external, who will execute various cybersecurity processes as well as offering strong leadership, coaching and mentoring to the team.
- Experience implementing and managing multiple security tools.
- Experience working with managed service providers.