About Grant ThorntonGrant Thornton is one of the worlds leading professional services networks with member firms in over 150 countries, 80,000 people and global revenues of $8.5bn. Member firms offer audit, tax, and advisory services to privately owned companies, publicly listed companies, public sector and not for profit organisations, both domestically and internationally.Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms. GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network. GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UNs Sustainable Development Goals (SDGs).At GTIL, we encourage applications from individuals of all backgrounds, experiences, and perspectives. We believe talent is everywhere. We actively source and encourage applications from all around the globe to encourage new ways of working and tackling complex challenges together. Role purposeThe primary purpose of this role is to direct and manage the Grant Thornton International Ltd.s IT Compliance programme which: Responds to internal and external compliance assessments (e.g. GDPR, NIST CSF, ISQM1, SOC2, etc.),Supports GTILs Cybersecurity team in maintaining and communicating policies and standards, andSupports IT operations in implementing processes and procedures to improve GTILs security and compliance posture.The ideal candidate will have experienceManaging IT or security projects,Managing compliance programs and assessments, andIn interacting with all levels of personnel (from executives to associates) within IT, cybersecurity, and business representatives. The candidate must be able toSynthesize information to communicate clearlyDevelop and deliver plans and organise the team to achieve goals,Define, implement, and audit technology and security governance requirements (e.g. policies and standards),Develop and implement new processes / procedures in support of compliance requirements, andLeverage the compliance programme to identify ways to bring value to the GTIL organization and the GT network.Main ResponsibilitiesThe Associate director will manage and direct IT compliance programme, including: Define the ongoing strategy, objectives, and activities for the compliance programme including the necessary budget and resources to support this programmeManage the IT compliance team to achieve the strategy and objectivesCoordinate with executives and stakeholders to clearly define compliance requirements and scheduleCoordinate between assessors and GTIL to efficiently handle assessments, report results, findings, and remediation actionsFacilitate the management of risk identification and review across the technology and security organizationsProvide oversight for IT compliance team activities including:Responding to internally initiated assessments (e.g. NIST CSF, SOC2, ISQM1, etc.)Defining standards for responding to compliance questions from Grant Thorntons member firms and ensuring these questions are answered in a timely mannerImplementing and continually improving compliance related processes, particularly for the collection of evidence to support assessments and compliance questionsLeveraging the available tools to automate and support efficient compliance processesDriving the creation and update of technology and security policies and developing any necessary standards to support these policiesDeveloping a method to audit compliance with the technology and security policies and standardsProviding a framework for the organization to improve business continuity and disaster recovery capabilitiesLocationIdeally Canada or Europe.Person SpecificationBachelors degree or equivalent experience in IT and Cybersecurity (essential)Industry certifications such as ISACA-CISA, ISC2-CC, etc. (desirable)Experience - essentialExtensive experience of programme / project managementExtensive experience working in cybersecurity and / or IT operationsProgramme leadership experience, e.g. able to own the compliance programme, define and implement strategy, and manage the team to achieve goals with limited oversightManagement of compliance assessmentsGeneral understanding of Infrastructure, Operations, Cybersecurity, and relevant regulatory requirements and assurance processes, including various auditing standards such as NIST CSF, ISO27001, and SOC2, GDPRExcellent communication and interpersonal skills, both verbal and writtenAbility to synthesize and present material in a concise understandable form to various target audiences particularly to clarify the value of the compliance programme and its roadmap to executivesExcellent organisational skills and the ability to prioritise and manage a varying workload for the compliance teamA problem solver creative in finding solutions to issues or approaches to meet a needA team player willing to take on additional responsibilities as needed and able to adapt to changing prioritiesExperience in working with a global, virtual teamExperience with directing business continuity / disaster recovery activities for the organizationExperience with defining processes and using organizational change to implement the new processesExperience - desirablePrevious experience in working in a global professional services environment and in working with international stakeholders.Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture.Experience in identifying, scoping, validating, and implementing a tools to support and improve business processes.BenefitsThere are many benefits of being part of Grant Thornton International, working with a global and diverse team in a virtual setting is just one of them. We pride ourselves on our inclusive culture and believe it's one of our most valuable assets.We also recognise the importance of time off at Grant Thornton International. Taking time away can lead to improved wellbeing and better productivity, which is why we dont cap your leave. So if you need to take that extra Friday off (and Monday too), no problem.We believe work is no longer a location, it is what we do. This should help all of us deliver our best work, while achieving the right balance in our lives. We want to build a culture of virtual inclusivity. One where all our people have the ability to choose what works best for them but also provides our people the best shared working experience utilising the digital tools we have available. GTIL will provide individuals with the necessary support and equipment to work effectively from home. We also have a collaborative space to offer should you prefer working outside of your home.We will offer you access to digital learning options, as well as external training, should you role and development needs require this.We fully understand the importance of balancing your life and we aim to support that with remote working and flexibility within your role. We understand the time you spend outside of work helps shape what you bring into work, so we encourage flexibility on both sides. However, if you prefer to work from the office, this is also something we offer.We also understand the importance of working comfortably in a remote office - most likely your home, which is why we offer all staff a monthly home office allowance to ensure you're well equipped and able to undertake your role to the fullest.These are just some of the benefits of working at Grant Thornton International. We also have a wide range of attractive core benefits including pension, health insurance, wellbeing programmes and much much more.
Job Title
Associate director, Compliance programme manager - Technology (Global role – in