Grant Thornton -
Grant Thornton is a collaborative, entrepreneurial firm on the move! As part of a dynamic, global organization of more than 42,000 people serving clients in more than 120 countries, we have the agility and focus it takes to be a leader.
Grant Thornton’s Advisory professionals are progressive thinkers who create, protect, transform value today, so our clients have the opportunity to thrive and grow. Our advisory practice creates holistic solutions delivered by innovative, curious professionals who bring technical depth and industry insight to our clients.
Cyber Risk Manager
As part of the Business Advisory Services Practice, the Cyber Risk services team has organized its solutions around three core principles that provide Alignment, Integration and Managed Outcomes for security programs. Strategy solutions are part of the Alignment set of capabilities and support the development of frameworks, methodologies and intellectual property that encourages managing information risk across the enterprise thus enabling companies to leverage processes and programs that support more informed decision making. The Cyber Risk practice leverages Strategy solutions to support all of its Cyber Risk service offerings.
Grant Thornton’s Cyber Risk Strategy capabilities include building Intellectual property that can be leveraged across all of the Cyber Risk solutions such as benchmark data, security metrics, security frameworks, methodologies and maturity models. Strategy solutions will also include developing and delivering capabilities such as policies and procedures, governance, IT asset management, risk assessment, program maturity and other related services.
The Strategy solutions manager will be an important member leading client projects and staff to deliver quality in addressing client needs. The qualified applicant will be able to effectively and efficiently supervise teams of practitioners and apply Grant Thornton and Industry specific methodologies and Cyber Risk solution capabilities for clients across multiple industries and maturity levels.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
· Assist with the development of sales opportunities
· Manage teams to deliver Cyber Risk projects in a people-oriented and mentoring culture
· Assist leadership with maintaining productive relationships with client management.
· Assist with the development of training, recruiting, and staffing programs, and/or other practice-wide needs.
· Develop long-term relationships and networks.
· Generate new business opportunities, operate in a matrix environment, and work in a cross-functional team to drive $500k in sales and manage projects and teams that contribute $750K in revenue.
· Familiarity with Cyber Risk standards and models is preferred.
· Ability to communicate difficult subject matter in a clear and concise fashion is important.
· Ability to work with different delivery teams to support Strategy capabilities as part of larger projects is required.
· Ability to consider updated thinking to solve traditional security challenges is important.
· Experience with utilizing and managing offshore teams is a plus
· Promote and implement procedures for use of specific technologies and protocols in the delivery of Strategy related solutions.
· Communicate (verbally and in writing) externally with clients and internally with all levels of the organization to successfully accomplish objectives portraying knowledge and confidence.
· Motivate others to perform at maximum efficiency without sacrificing quality of the services delivered.
· Assist practice leadership in creating proposals, budgets, and workplans. Participate in other business development activities as appropriate.
· Maintain a good working relationship with clients and work effectively with client management and staff at all levels to gather information and perform services.
· Work closely with Grant Thornton leadership to promptly identify and resolve client problems or issues.
· Other duties as assigned.
· Bachelor's degree in Cybersecurity, Information Technology, Computer Science or a related field is required.
· One or more of the following industry certifications is required: CISSP, SANS GIAC, CISM.
· Six to ten years of related work experience in a similar consulting practice or function, servicing cross- industry clients at a national level. This level of experience is required in one or more of the following areas:
o Vulnerability assessments, network penetration tests, wireless security assessments, web application security assessments, and social engineering activities. Hands-on working experience with commercial and open-source network and application security testing tools (E.g. Kali Linux, Nessus, Metasploit, Burp Suite, etc.) is expected.
o Designing and implementing asset management solutions, including performing asset discovery and profiling. Hands-on working experience with relevant enterprise technology (E.g. Tanium, ServiceNow, HP UCMDB, etc.) is expected.
o Designing and implementing threat and vulnerability management solutions. Hands-on working experience with relevant enterprise technology (E.g. Qualys, Rapid 7, Brinqa, Kenna, ServiceNow, Securonix, etc.) is expected.
o Assessing, designing and implementing application security programs, including facilitating a secure SDLC and performing code analysis. Hands-on working experience with enterprise tools (E.g. HP Fortify, Veracode, etc.) is expected.
o Assessing, designing and implementing security logging and monitoring solutions and platforms. Hands-on working experience with relevant SIEM technology (E.g. QRadar, ArcSight, LogRhythm, Splunk, etc.) is expected.
o Designing and implementing security operations center process development, operationalization and optimization strategies.
o Assessing insider threats and designing and implementing insider threat management programs.
· Experience with the secure configuration of various infrastructure platforms and devices such as Microsoft Windows, Unix / Linux, and common network devices (routers, switches, firewalls)
· Working knowledge of cybersecurity industry best practices and guidance, including NIST Cybersecurity Framework and SP 800 series, OWASP, CIS Critical Security Controls, ISO 27001/2. Understanding of TCP/IP protocol suite.Experience in project management and the ability to clearly communicate security technology issues verbally on both a formal and informal basis to all levels of client staff.
· Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
· Ability to work additional hours as needed and travel on a regular basis to clients as required.
· Travel for this position can go as high as 60%.
Grant Thornton LLP promotes a nationally recognized culture of health and offers an extensive array of benefits to meet individual lifestyles. For a complete list of benefits please visit http://www.gt.com/.
Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton has revenues in excess of $1.3 billion and operates 57 offices across the U.S., with more than 500 partners and 6,000 employees.
Grant Thornton works with a broad range of publicly and privately held companies, government agencies, financial institutions, and civic and religious organizations. Core industries served include consumer and industrial products, financial services, not-for-profit, private equity, and technology. Grant Thornton focuses on serving dynamic organizations that pursue growth holistically whether through revenue improvement, leadership, mission fulfillment or innovation.
It is Grant Thornton’s policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law.
Requisition ID: 036749