Senior Associate, Information Security & Risk Management

Senior Associate, Information Security & Risk Management

We are Grant Thornton. We go beyond business as usual, so you can too.

Grant Thornton Ireland (GT) has nearly 3,000 people in 9 offices across Ireland, The Isle of Man, Gibraltar, and Bermuda, with a presence in over 145 countries around the world, and a global network of over 68,000 people

At GT, we work as trusted advisors, bringing local knowledge and national expertise, with a global presence, to help businesses succeed – wherever they are located. We make business more personal by investing in building relationships and empowering our clients to make the right decisions for their organisation now and for the future. Whether that is working with the public sector to build thriving communities, with regulators and financial institutions to build trust, or with a diverse range of businesses to help them achieve their goals, Grant Thornton Ireland work hard to support clients to act on the issues that matter.

At GT Ireland we don’t just predict your future, we build it.

A Career at GT

Looking for a more fulfilling role in professional services? One where fresh thinking, collaboration and diversity are valued? At Grant Thornton we do things differently.

What does this mean for you?

A career in a more inclusive working environment, a more collaborative work culture, a more supported, flexible working role, more possibilities to grow and more opportunities to help shape the future for your clients. We respect and value your experience. And we want you to bring your authentic self to work and be at your best. It is how it should be.

Grow with us

At Grant Thornton, we care about our people and work hard to make you feel valued. If you are looking to deepen and develop your skills, knowledge, and experience throughout your career, then that is what you will get, and more.

The Sr. Associate, Information Security position will be an integral member of the Governance, Risk & Compliance team. This role will be responsible for organizing and managing evidence for external audits. Work in Chief Information Security Officer (CISO) office under Director, Information Security Governance, Risk and Compliance. Successful candidate will have a good mix of security knowledge, understanding of industry best practice, and a demonstrated background in information security risk management.

The candidate will be responsible for managing and responding to client security questionnaires, audits, and assessments related to the organization’s information security posture. This role involves working closely with internal teams, clients, and external auditors to ensure the company’s security practices align with industry standards and client requirements. The manager will also coordinate audit activities to ensure compliance with security frameworks and regulations.

The ideal candidate :

is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.

possesses strong business judgment, deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.

possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills are important attributes to succeed in this role. Successful candidate will develop strong relationships, collaborate across teams, coordinate multiple timelines, and manage complex, cross discipline projects.

global view of their business and think in terms of immediate problem solving but also automating, expanding, and scaling solutions broadly.

Responsibilities : Governance :

Participate in development of IT & Security policies, standards, and controls.

Develop and implement procedures and processes in area of ownership.

Participate in annual control attestation.

Measure and report on security metrics and key performance indicators.

Respond to cyber insurance questionnaires based on implemented security controls, certifications, and policies.

Risk & Compliance Management :

Conduct security risk assessments to identify and mitigate risks.

Collaborate with internal teams to design and implement mitigation strategies for identified risks.

Establish a repository of standardized security questionnaire responses and ensure they are updated with the implemented security controls, certifications, and policies.

Manage responses to client security questionnaires in a timely and accurate manner.

Collaborate with internal teams (e.g., IT, legal, Information Security) to gather necessary documentation and information for client inquiries.

Serve as the main point of contact for clients regarding security and IT related audit inquiries and responses. Engage with clients and third-party auditors in discussions around the organization's security posture.

Prepare and provide evidence for security audits, ensuring all documentation is complete and accurate.

Collaborate with control owners to create corrective action plans to ensure appropriate remediation efforts are implemented and completed in a timely manner.

Identify opportunities to improve the efficiency and effectiveness of client questionnaire responses and audit processes.

Continuously improve the organization's internal audit and compliance processes to meet client expectations.

Communicate effectively with internal stakeholders, including IT, legal, compliance, and leadership, to ensure timely responses to audits and questionnaires.

Provide recommendations to management regarding areas of improvement in security practices and compliance.

Experience :

5+ years of experience in information security, with a focus on audit management.

Experience with responding to security questionnaires and managing client audits.

Experience in managing third-party audits and internal audit processes.

Familiarity with compliance frameworks such as NIST, ISO 27001, and others.

Experience using GRC tools and technologies in support of the assessment / audit process (OneTrust, Security Scorecard, Bitsight, etc.).

Demonstrated advanced verbal and written communication skills.

Excellent project management and organizational skills, with the ability to handle multiple audits and client requests simultaneously.

Excellent organization skills and be a self-motivated learner.

Qualifications :

Bachelor’s degree in information security, Cybersecurity, Computer Science, Engineering or related field or equivalent work experience.

CISA, CRISC, CISM, or CISSP certifications (one or more) preferred.

Hands-on experience in conducting information security risk and compliance assessments.

Life at GT

Reward and benefits :

Our reward and benefits are designed to create an environment where our people can flourish. We are committed to building a culture where our people have access to the necessary benefits to help promote a healthy lifestyle and thrive.

Equity, diversity and inclusion

At Grant Thornton, we provide equitable opportunities for all our colleagues. We are a responsible, sustainable business where equity, diversity and inclusion (ED&I) is at the forefront of our workplace culture agenda, and today, we continue to build and develop on our existing ED&I structure and strategy to meet our workplace culture needs. People are at the heart of our business and teams built with varied backgrounds, racial differences, cultures, sexual orientations, religious orientations, ages, gender identities, abilities and family types present diverse viewpoints, which need to be heard and valued.

We are all at our best when we are able to be ourselves and we view integrity and authenticity as integral values to bring to our day-to-day work-life at the firm. We are excited to see the personality and perspectives you will bring to our team because we know we will all benefit from them. Diversity of thought, background and experience enables better decision-making, improves the quality of our delivery, and helps us to meet the needs of our clients. Our firm is built on people and their ideas, so we want to hear all the new perspectives and fresh thinking you have to offer. You form the bedrock of our firm’s best-practice principles and we will champion you as leaders from day one.

Recognition :

We want to create a culture of recognition and celebrating success, by saying thank you to people who surpass our expectations and recognising the right values and behaviours. Our recognition scheme is our way of highlighting and promoting achievements. Whether you simply want to say thank you, celebrate a special occasion or give an award for doing something exceptional, you can do all of this and more through the scheme.

LI-KS1