Chief Information Security Officer in London

Grant Thornton, a leading professional services firm, is undertaking a significant technology‑led transformation, including the enterprise deployment of generative AI and modernisation of data platforms. As part of this journey, we are seeking a Chief Information Security Officer (CISO) to drive security governance and risk management across the organisation.

The CISO will be the firm’s senior IT security authority, reporting directly to the CIO. The role bridges strategic risk ownership with hands‑on governance, ensuring security is embedded by design into platforms, products and processes. It is a hands‑on leadership position that owns the security framework, leads a team and represents security at the highest levels of senior leadership.

Key Responsibilities

• Develop and maintain the Information Security strategy, aligned to IT strategy, CDO priorities and the digital transformation programme.
• Own and operate the Information Security Management System (ISMS) to ensure compliance with ISO 27001 and other applicable standards.
• Provide senior input to risk committees on AI and information security and represent security at the AI Governance Board.
• Maintain and report on a cyber risk register, providing regular posture updates to the CIO, CDO and governance forums.
• Lead security governance for the firm’s generative AI programme, assessing and governing emerging risks from AI‑generated outputs, artefact hosting, client‑facing microsites and third‑party integrations.
• Ensure the security posture meets obligations to professional standards bodies (ICAEW, FRC), client contractual requirements and applicable regulation.
• Lead incident response governance, including classification, escalation, investigation and lessons‑learned processes for cyber and information security incidents.
• Oversee third‑party and supplier security risk management, including due diligence on SaaS platforms and cloud infrastructure providers.
• Support or lead engagement with cyber insurers, clients, external auditors and regulatory enquiries related to information security.
• Drive a security‑aware culture, developing and maintaining a training and awareness programme that is engaging and proportionate.
• Champion a ‘secure by design’ mindset across IT, the digital team and the wider business as new products and platforms are introduced.
• Lead, manage and develop the security function, including GRC, security engineering and awareness roles.
• Act as the primary escalation point and senior authority for all security matters, providing clear and credible advice to the CIO, CDO and firm leadership.
• Represent Grant Thornton UK in external forums, industry bodies and client conversations where security governance or assurance is relevant.
• Build influence and effective working relationships with the CISO community across the Grant Thornton International network.

Essential Experience

• Proven experience as a CISO or senior information security leader in a professional services, financial services or similarly regulated environment.
• Demonstrable track record of developing and operating an ISMS, managing a cyber risk register, and reporting to senior leadership and governance forums.
• Hands‑on experience governing AI platforms from a security and compliance perspective, including data governance, audit logging and acceptable use.
• Experience owning DLP controls, incident response processes and third‑party security risk management in a cloud‑first environment.
• Strong grasp of relevant compliance frameworks: ISO 27001, NIST CSF, UK GDPR and professional services regulatory obligations.

Desirable Experience

• Familiarity with generative AI platforms, LLM governance and emerging risks from AI‑generated content and tool integrations.
• Experience with CrowdStrike or equivalent EDR/SIEM platforms, including integration with compliance logging pipelines.
• Exposure to Microsoft Fabric, Databricks or similar data platform environments.
• Experience operating within a Big Four or Top Ten professional services firm, including understanding of client confidentiality obligations and engagement letter governance.

Qualifications

• CISSP, CISM or equivalent professional certification.
• ISO 27001 Lead Implementer or Auditor (desirable).
• Degree in Information Technology, Cybersecurity, Computer Science or a related discipline, or equivalent professional experience.

Benefits

• Competitive salary and reward package.
• Tailored development programmes and access to coaching.
• Flexible bank holidays and additional holiday purchasing.
• Pension, life assurance and private medical benefits.
• Optional benefits such as shopping discounts, gym memberships and financial advice.

How We Work

We operate on a trust‑based framework that offers flexibility in where, how and when we work. Reduced contracted hours, condensed schedules and flexible working arrangements are supported. Staff can request a flexible arrangement through the firm’s flexible working policy. We are an equal opportunity employer and encourage applications from all backgrounds.