GRC Lead - Work from home with occasional travel

Job Description

More than you expected Grant Thornton UK LLP is part of a global network of independent audit, tax and advisory firms, made up of some 58,000 people in over 135 countries. Were a team of independent thinkers who put quality, inclusion and integrity first. All around the worldwe bring a different experience to our clients. A better experience. One that delivers the expertise they need in a way that goes beyond. Personal, proactive, and agile. Thats Grant Thornton. NEW GROUND WONT BREAK ITSELF. Every day our teams help people in businesses and communities to do what is right and achieve their goals.The Grant Thornton Cyber Defence Centre are an established MSSP at the forefront of Cyber solutions, working with industry leading technologies. We offer a path for progression and invest in our workforce. Initiative is encouraged and support is always availableacross the team and wider group. We work collaboratively and cross functionally, boasting a healthy ethos.The GRC Lead role, you will be responsible for the development and implementation of a complete Cyber Security Program. You will work with the multiple service lines and external stakeholders to ensure governance, compliance and risk management frameworksand policies are in place.Were happy to talk flexible working and consider reduced hours and job shares, well support you to balance your work and life.A look into the role As a GRC Lead within our Cyber Defence Centre you will:

• Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances business objectives.
• Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves PCCs security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
• Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
• Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
• Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
• Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, phishing, and social engineering tests and attacks.
• Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
• Assists other staff in the management and oversight of security program functions.

Knowing youre right for us Joining us as a GRC Lead, the minimum criteria youll need is strong Information Security background. A passion for cyber security with relevant Information Security qualification(s) is essential and a 2.1 Degree (or above) in STEM would be preferable.It would be great if you had some of the following skills, but dont worry if you dont tick every box, well help you develop along the way.

• Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations.
• Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
• Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
• Information systems auditing, monitoring, controlling, and assessment process.
• Risk assessment and management methodology.
• Deep knowledge of cyber security standards such as ISO27001, NIST, CIS Top 20
• Developing and implementing enterprise governance, risk, and compliance strategy and solutions.
• Researching and locating information related to internal and external organizations using online and other sources.
• Troubleshooting and operating a computer and various software packages.
• Defining problems, collecting and analysing data, establishing facts and drawing valid conclusions.

Knowing were right for youEmbracing uniqueness, the culture at Grant Thornton thrives on the contributions of all our people, we never settle for what is easy, we look beyond to deliver the right thing, for everyone. Building an inclusive culture, where we value difference and respectour colleagues helps our people to perform at the best of their ability and realise their potential.Our open and accessible culture means youll interact with leaders who are interested in you and everything you bring to our firm. The things that set you apart, we value them. Thats why we give you the freedom to bring your whole self to work and pursueyour passions inside and outside of work.Beyond the job Life is more than work. The things you do, and the people youre with outside of work matter, thats why were happy to look at flexible working options for all our roles, and well always do our best to keep your work and life in balance.The impact you can make here will go far beyond your day job. From secondments, to fundraising for local charities, or investing in entrepreneurs in the developing world, youll be giving back to society. Its that drive to do the right thing that runs throughour every move, grounded in our CLEARR valuesCollaboration, Leadership, Excellence, Agility, Respect and Responsibility.Were looking for people who want to contribute, spark fresh ideas and go beyond expectations. People who want to be able to proudly do whats right, for the firm, our clients, our people and themselves. Its how it should be.#LI-ME1#GTRO