Information Security Officer
Chief Information Security Officer Grant Thornton 1/30/2020 8:07:52 AM JOB ID: 046135 Specialty: Oakbrook Terrace, Illinois
Chief Information Security Officer
About Grant Thornton
Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton has revenues in excess of $1.9 billion and operates more than 50 offices in the United States. Grant Thornton is seeking a strong, knowledgeable, and hands-on information security leader to provide the strategic insights, technical expertise, and execution know-how required to serve as Grant Thornton’s Chief Information Security Officer (CISO).
The CISO reports to the Chief Information Officer (CIO) within Grant Thornton’s Technology and Transformation (T&T) internal client service function. T&T is responsible for the secure and reliable delivery and operation of technology and information assets and for making technology and information an enabler of effective and efficient operations, revenue growth, client service delivery excellence, and quality.
The CISO is the senior-level executive within T&T who is responsible for establishing and maintaining the enterprise vision, comprehensive information security strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs a team that is responsible for identifying, developing, implementing, and maintaining processes, practices and tools that reduce information and technology risks across the enterprise. The CISO leads efforts to prevent and respond to security incidents, establishes appropriate standards and controls, manages security technologies, and implements security policies and procedures.
The CISO is also responsible for achieving and retaining ISO 27001 and 27017 certifications for the firm and for governing the firm’s managed service security provider. The CISO is an advocate for Grant Thornton information security needs and advises senior leadership on security resource investments. The complexity of this position requires a leadership approach that is engaging, imaginative, grounded by technical acumen, and collaborative, with a sophisticated ability to work with other leaders and balance security strategies and interests with other firm priorities.
Overall role purpose
Provide strategic leadership of Grant Thornton’s information security program
Provide security guidance and counsel to key members of Grant Thornton’s leadership team
Oversee the formation and operation of T&T’s information security organization
Promote collaborative, effective security working relationships across Grant Thornton
Establish security program and priorities and manage security governance processes
Lead security planning processes to establish comprehensive security program
Communicate the value of security to build consensus among firm leaders
Establish annual and long-range security and compliance goals
Define security strategies, metrics, reporting mechanisms and program services
Develop and execute continual security program improvement roadmap
Communicate policies, procedures, and guidelines necessary to implement processes for access control, monitoring, and vulnerability management
Manage relationships with third-party providers of service delivery and security monitoring client privacy preferences and personally identifiable information
Apply risk management methods to information technology in order to manage IT risk
Implement standards, governance and security policies that reduce vulnerability
Remain informed about information security issues and regulatory changes
Pursue professional development to continually improve professional security skills
Implement professional development plans for all members of the T&T security team
Protect integrity, availability, authenticity, non-repudiation and confidentiality of data
Use experience in technology, operations and management to deliver value
Develop and implement policies and practices that secure protected and sensitive data
Ensure information security and compliance with relevant legislation
Assess and make recommendations regarding the adequacy of the security controls
Work with internal auditors and outside advisors on required security assessments
Build security/compliance programs to effectively address regulatory requirements.
Work closely with IT leaders, technical experts, and administrative leaders across the firm
Create security awareness programs and advise on security issues and best practices
Act as primary control point during significant information security incidents.
Convene incident response teams, as needed, to investigate security incidents
Manage the people, processes and technologies that provide situational security awareness through the detection, containment, and remediation of IT threats
Identify risk areas and recommend solutions that reduce risk to an acceptable level
Develop, implement and administer technical security standards
Deliver suite of security services and tools to address and mitigate security risk
Develop overall strategy, tactics, plan and execution of IT security services
Direct and respond to security audits and vulnerability assessments
Manage ongoing analysis of security exposures and assess program effectiveness
Lead efforts to evaluate information security risks and monitor compliance with standards
Examine new technologies and their impact on information security
Perform special projects and other duties as assigned.
Ensure effective identity and access management controls are deployed and used
Support and guide disaster recovery planning and testing
Monitor the internal state of security and work to continually improve it
10 years' experience of Information Security, preferably in a professional services environment
Self-starter with the ability and confidence to develop and implement their own projects and workload
Strong written and interpersonal skills
Good organization and time management skills and an ability to manage multiple projects
CCISO, CGEIT, CISA, COBIT, GIAC
Previous experience of working within a national or global professional services environment and with Tax, Audit and Advisory stakeholders
Grant Thornton LLP promotes a nationally recognized culture of health and offers an extensive array of benefits to meet individual lifestyles. For a complete list of benefits please visit http://www.gt.com/.
It is Grant Thornton’s policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law.
For Los Angeles applicants only. We will consider all qualified applicants for employment, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the city of Los Angeles' Fair Chance Initiative for hiring ordinance.