Cyber & Technology Internal Audit Manager | Hybrid

At Grant Thornton we do things differently - looking to the future, driving ambitious growth and pioneering positive change in our industry. Providing audit, tax and advisory services, we empower clients through strategic insight, curiosity, and genuine partnership. And we empower our people with real opportunity, an inclusive culture and work life balance.

With over 5,000 people in the UK, and a presence in 150 global markets, we're on an ambitious journey, from great to exceptional, and we need the best people to help us achieve our potential.

Our Business Risk Services practice focuses on helping organisations manage risk, improve operational processes and realise strategic objectives. Our team brings together a range of skills and experience across sector specialisms.

Grant Thornton's Technology Risk Services team (TRS) provides the advice necessary to help clients manage risk associated with their use of technology. Our professionals can deliver objective, value-added solutions that will enable clients to strengthen internal controls and governance processes, implement sound organisational strategies, increase technological capabilities and improve their operational efficiency.

TRS is part of Grant Thornton's Business Risk Services (‘BRS’) department, who provide internal audit and risk advisory services to the FTSE 250, large and complex Corporates, international and major charities and not-for-profit organisations, and central government departments.

We’re happy to talk flexible working and consider reduced hours and job shares, we’ll support you to balance your work and life.

As a Technology Risk Services Manager, focusing on cyber and information security, within our Business Risk Services (BRS) team you will:

• Take ownership and lead on allocated assignments in a way that exceeds client expectations while taking responsibility for managing and developing staff.
• Be responsible for delivering a number of cyber and information security-focused IT internal audit engagements, and manage wider relationships with clients.
• Lead on planning conversations with clients, and in the preparation of draft terms of reference/audit planning documents.
• Deliver fieldwork, ensuring all work is performed in accordance with Grant Thornton methodologies, that sufficient and appropriate testing has been performed, and evidence to support key decisions has been obtained.
• Hold close-out meetings with clients to ensure that they have a full understanding of issues identified and these are agreed, and write reports summarising the key observations from the work performed.
• Assist with the financial management of client relationships, including monitoring WIP, raising invoices, and drafting annual budgets.

Joining us as a Technology Risk Services Manager, the minimum criteria you’ll need is a professional qualification (CISA, CISM, CISP, or similar) with post qualification experience, and to be confident managing a large portfolio of internal audit clients. It would be great if you had some of the following skills, but don’t worry if you don’t tick every box, we’ll help you develop along the way.

• Experience of scoping, delivering, and reporting on cyber and information security related internal audits, and performing related gap assessments/maturity assessments.
• Experience in assessing and testing technical security controls in areas such as firewalls, cloud configurations, network monitoring and antimalware solutions, and asset hardening arrangements.
• Familiar with reviewing cyber security testing and incident response processes, cyber and information security governance arrangements, and third-party assurance measures.
• Strong experience of undertaking interviews, written analysis, and writing reports for clients on cyber and information security.
• Solid understanding of cyber security controls, technology, and frameworks (such as NIST, CIS, Cyber Essentials, GDPR, etc.).
• Professional security certifications (such as CISSP or CISM) are desirable.
• Experience in assessing data protection processes and controls, including the GDPR and other related regulations.
• Extensive experience of using audit software and Microsoft packages.
• Experience of managing audits and able to build extensive and active internal networks which crosses geographical and client service boundaries.

Embracing uniqueness, the culture at Grant Thornton thrives on the contributions of all our people, we never settle for what is easy, we look beyond to deliver the right thing, for everyone. Building an inclusive culture, where we value difference and respect our colleagues helps our people to perform at the best of their ability and realise their potential.

Our open and accessible culture means you’ll interact with leaders who are interested in you and everything you bring to our firm. The things that set you apart, we value them. That’s why we give you the freedom to bring your whole self to work and pursue your passions inside and outside of work.

Life is more than work. The things you do, and the people you’re with outside of work matter, that’s why we’re happy to look at flexible working options for all our roles, and we’ll always do our best to keep your work and life in balance.

The impact you can make here will go far beyond your day job. From secondments, to fundraising for local charities, or investing in entrepreneurs in the developing world, you’ll be giving back to society. It’s that drive to do the right thing that runs through our every move, grounded in our firm’s values – purposefully driven, actively curious and candid but kind.

We’re looking for people who want to contribute, spark fresh ideas and go beyond expectations. People who want to be able to proudly do what’s right, for the firm, our clients, our people and themselves.