Associate director, Compliance programme manager - Technology (Global role – in a virtual working environment)

About Grant Thornton

Grant Thornton is one of the world’s leading professional services networks with member firms in over 150 countries, 80,000 people and global revenues of $8.5bn. Member firms offer audit, tax, and advisory services to privately owned companies, publicly listed companies, public sector and not for profit organisations, both domestically and internationally. Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms. GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network. GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UN’s Sustainable Development Goals (SDGs). At GTIL, we encourage applications from individuals of all backgrounds, experiences, and perspectives. We believe talent is everywhere. We actively source and encourage applications from all around the globe to encourage new ways of working and tackling complex challenges together.

Role purpose

The primary purpose of this role is to direct and manage the Grant Thornton International Ltd.’s IT Compliance programme which:

• Responds to internal and external compliance assessments (e.g. GDPR, NIST CSF, ISQM1, SOC2, etc.)
• Supports GTIL’s Cybersecurity team in maintaining and communicating policies and standards
• Supports IT operations in implementing processes and procedures to improve GTIL’s security and compliance posture

The ideal candidate will have experience:

• Managing IT or security projects
• Managing compliance programs and assessments
• Interacting with all levels of personnel (from executives to associates) within IT, cybersecurity, and business representatives

The candidate must be able to:

• Synthesize information to communicate clearly
• Develop and deliver plans and organise the team to achieve goals
• Define, implement, and audit technology and security governance requirements (e.g. policies and standards)
• Develop and implement new processes / procedures in support of compliance requirements
• Leverage the compliance programme to identify ways to bring value to the GTIL organization and the GT network

Main Responsibilities

The Associate director will manage and direct IT compliance programme, including:

• Define the ongoing strategy, objectives, and activities for the compliance programme including the necessary budget and resources to support this programme
• Manage the IT compliance team to achieve the strategy and objectives
• Coordinate with executives and stakeholders to clearly define compliance requirements and schedule
• Coordinate between assessors and GTIL to efficiently handle assessments, report results, findings, and remediation actions
• Facilitate the management of risk identification and review across the technology and security organizations
• Provide oversight for IT compliance team activities including:

• Responding to internally initiated assessments (e.g. NIST CSF, SOC2, ISQM1, etc.)
• Defining standards for responding to compliance questions from Grant Thornton’s member firms and ensuring these questions are answered in a timely manner
• Implementing and continually improving compliance related processes, particularly for the collection of evidence to support assessments and compliance questions
• Leveraging the available tools to automate and support efficient compliance processes
• Driving the creation and update of technology and security policies and developing any necessary standards to support these policies
• Developing a method to audit compliance with the technology and security policies and standards
• Providing a framework for the organization to improve business continuity and disaster recovery capabilities

Location

Ideally Canada or UK/Europe.

Person Specification

Bachelor’s degree or equivalent experience in IT and Cybersecurity (essential)

Industry certifications such as ISACA-CISA, ISC2-CC, etc. (desirable)

Experience - essential

• Extensive experience of programme / project management
• Extensive experience working in cybersecurity and / or IT operations
• Programme leadership experience, e.g. able to own the compliance programme, define and implement strategy, and manage the team to achieve goals with limited oversight
• Management of compliance assessments
• General understanding of Infrastructure, Operations, Cybersecurity, and relevant regulatory requirements and assurance processes, including various auditing standards such as NIST CSF, ISO27001, and SOC2, GDPR
• Excellent communication and interpersonal skills, both verbal and written
• Ability to synthesize and present material in a concise understandable form to various target audiences – particularly to clarify the value of the compliance programme and its roadmap to executives
• Excellent organisational skills and the ability to prioritise and manage a varying workload for the compliance team
• A problem solver creative in finding solutions to issues or approaches to meet a need
• A team player willing to take on additional responsibilities as needed and able to adapt to changing priorities
• Experience in working with a global, virtual team
• Experience with directing business continuity / disaster recovery activities for the organization
• Experience with defining processes and using organizational change to implement the new processes

Experience - desirable

• Previous experience in working in a global professional services environment and in working with international stakeholders.
• Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture.
• Experience in identifying, scoping, validating, and implementing a tools to support and improve business processes.

Benefits

There are many benefits of being part of Grant Thornton International, working with a global and diverse team in a virtual setting is just one of them. We pride ourselves on our inclusive culture and believe it's one of our most valuable assets. We also recognise the importance of time off at Grant Thornton International. Taking time away can lead to improved wellbeing and better productivity, which is why we don’t cap your leave. So if you need to take that extra Friday off (and Monday too), no problem. We believe work is no longer a location, it is what we do. This should help all of us deliver our best work, while achieving the right balance in our lives. We want to build a culture of virtual inclusivity. One where all our people have the ability to choose what works best for them but also provides our people the best shared working experience utilising the digital tools we have available. GTIL will provide individuals with the necessary support and equipment to work effectively from home. We also have a collaborative space to offer should you prefer working outside of your home. We will offer you access to digital learning options, as well as external training, should your role and development needs require this. We fully understand the importance of balancing your life and we aim to support that with remote working and flexibility within your role. We understand the time you spend outside of work helps shape what you bring into work, so we encourage flexibility on both sides. However, if you prefer to work from the office, this is also something we offer. We also understand the importance of working comfortably in a remote office - most likely your home, which is why we offer all staff a monthly home office allowance to ensure you’re well equipped and able to undertake your role to the fullest. These are just some of the benefits of working at Grant Thornton International. We also have a wide range of attractive core benefits including pension, health insurance, wellbeing programmes and much much more.