Audit Manager, Information Security & Risk Management
Grant Thornton INDUS
APAC/Oceania, India, Bengaluru
Oops! You need to have an account to use this feature
Sign up to access features including all filters, job matching, dashboard, apply service, etc.
Compatibility Score
Compatibility Score / Job Matching
This unique feature shows a score indicating how closely this job matches the preferences you set in your profile.
Access to this feature requires signing up.
Salary
Rank
Senior Manager
Responsibility
Systems/Data
Scope
Regional
Workplace
100% in office
Functions
IT
Reports to
Level
N-3
Travel Max:
0%
Posting Date
05-11-2025
Description
The Senior Manager, Information Security Third-party Risk Management position will be an integral member of the Information Security and Risk Management team. This role will be responsible for design, development, implementation and monitoring of risk management program. Work in Chief Information Security Officer (CISO) office under Associate Director, Information Security Governance, Risk and Compliance, this role serves as an information security technology professional for Grant Thornton to support the design, implementation, and maintenance of a cohesive information security governance, risk and compliance program. The successful candidate will have a good mix of deep technical knowledge, understanding of industry best practice, frameworks and regulations, and a demonstrated background in information security risk management program.
An experienced and motivated risk and compliance individual contributor is needed to work across a matrixed team in place today and growing in the future. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross discipline projects.
Key Responsibilities
- Advance the information security third-party risk management framework and develop risk appetite
- Develop effective strategies for addressing high-risk suppliers.
- Oversee and perform security risk assessments, business impact analyses, and security control evaluations across third-party vendors in OneTrust.
- Prepare risk register in OneTrust to monitor and track risks.
- Provide supply chain security assessment remediation oversight and facilitate development of CUECs todocument shared responsibility model.
- Perform client MSA security terms and conditions review and provide feedback to legal team.
- Ensure compliance with relevant firm security policies.
- Support iterative review of assessment results, working with appropriate stakeholders across the lines of defense
- Establish risk reporting and escalation processes
- Remain up to date with emerging threats, best practices and relevant legislation
- Work and communicate hand-in-hand with both external and internal stakeholders on critical issues that are directly impacting the business.
- Contribute to the development of scalable models and tools that speed up both decision making and accuracy for the organization.
- Meet with stakeholders to gather and integrate feedback and evangelize the program
- Perform and facilitate the collection, review, and assimilation of risk assessment data and reporting into concise and meaningful reports/dashboards for leadership.
- Take leading role in drafting and presenting deep-dive documents, including responses to senior executives.
Qualification & Requirements
Skills
The ideal candidate:
- Is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
- Possesses strong business judgment, deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
- Possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills are important attributes to succeed in this role.
- Global view of their business and think in terms of immediate problem solving but also automating, expanding, and scaling solutions broadly.
- Thinks strategically at a global level and effectively develop key processes, procedures and communications that facilitate cross-functional implementation of risk management processes and risk reporting.
Experience
- Experience with information security risk management framework, assessment, audit and controls based on industry standard frameworks (i.e. NIST; ISO; COSO; HiTrust, FAIR)
- Experience with regulatory requirements (i.e. PCI; GDPR; HIPPA; Privacy; CCPA; etc.)
- Experience using GRC tools and technologies in support of the assessment/audit process (OneTrust, Security Scorecard, Bitsight, etc.)
- Experience gathering information from a range of different sources to help identify weaknesses in security controls
- Expert with security control design, development, implementation, and monitoring
- Demonstrated experience across multiple information security domains preferred
Qualifications
- Bachelor’s degree in Computer Science, Engineering or related field or equivalent work experience
- CISA, CRISC, CISM, or CISSP certifications (one or more) preferred
- Demonstrated advanced verbal and written communication skills
- Excellent organization skills and be a self-motivated learner
- Hands-on experience building out Information Security third-party risk management program
Benefits
Through our competitive total rewards strategy, we offer you so much more than just a paycheck. We offer a comprehensive portfolio of health, welfare and retirement plans, and an environment where you are supported to pursue your professional and personal aspirations.
Company Profile
Grant Thornton INDUS
Industry
Accounting
Revenue
$7.5B
Employees
9,000
Fortune 500 Rank
NA
Global 500 Rank
NA
Clicking the link below will open a new window in your browser where you can apply directly to this role. Please check out our Pricing Plans if you’d like us to apply to jobs on your behalf.
