DIRECTOR, INFORMATION SECURITY
Company: CTI Education Group
Location: Downers Grove
Posted on: February 23, 2021
Grant Thornton is an equal opportunity employer.
Job Description: Director, Information Security (Job Number: 048545)
Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant
Thornton International Ltd., one of the world's leading
organizations of independent audit, tax and advisory firms. We've
never been a typical professional services firm. We put people
first, and that is what sets us apart.
As one of the fastest-growing professional services firms in the
world, Grant Thornton LLP is continuously seeking top talent.
Discover a place where you'll work with a team of professionals,
dedicated to providing bold leadership and distinctive client
service. Spend each day engaged in meaningful and challenging work.
Be supported in your professional growth and recognized for your
contributions.
Role Description: Grant Thornton is looking for a Director,
Information Security, a leadership role in driving programs and
project work streams related to information security governance,
risk and compliance. This role will report into the CISO and is
expected to be an information security leader, mentoring team
members while partnering with other firm leaders to develop,
implement and maintain effective information security processes
across the firm. The ideal candidate is:
- a self-starter, with the ability to drive tasks to completion
independently and learn new skills on the job as program
- a security and risk thought leader experienced in strategic
planning, governance, risk, compliance and overall program
- Establish and execute a firm-wide information security program
to ensure that the confidentiality, integrity, and availability of
information is owned, controlled or processed, stored and
transmitted in a manner compliant with firm policies and
- Develop a multi-year information security strategy that
addresses identified risks and security requirements.
- Develop and maintain information security policies, standards,
guidelines and oversee their dissemination across GT.
- Own and manage the information security committee structure and
- Oversee information security training & awareness program and
- Identify knowledge gaps to increase awareness of relevant
information security practices.
- Oversee the information security incident management program
and creation of the incident response plan.
- Supervise the management of the RSA Archer GRC use case
- Define and mature the risk management program to include third
party risk, application security, end user computing, project due
- Define and mature the identity & access management program to
include oversight of access reviews, implementation of multi-factor
authentication, manage and monitor privileged access.
- Guide the creation and oversight of threat & vulnerability
- Liaise with External Client Services (ECS) and Internal Client
Services (ICS) as needed to ensure that GT maintains a strong
- Oversee the cloud security program across the firm including
- Liaise with privacy and compliance team to ensure appropriate
support is provided over privacy and compliance activities.
- Monitor external threat environment for emerging threats and
advise relevant stakeholders on appropriate courses of action.
- Ensure oversight over a managed security service provider.
- Liaise with IT and a managed service provider.
- Establish metrics and reporting framework to measure the
efficiency, effectiveness, and maturity level of the program.
- Provide regular reporting on current state of information
security program to the executive management team and committees as
- Maintain professional and technical knowledge by attending
educational workshops, reviewing professional publications,
establishing personal networks, and participating in professional
societies.
- BS or MA in Computer Science, Information Security, or a
related field (e.g., IT Audit, Enterprise Risk Management, etc.) or
equivalent work experience.
- Certified Information Systems Security Professional (CISSP)
and/or Certified Information Security Manager (CISM).
- 15+ years working within Information Security, with a strong
understanding of Governance, Risk and Compliance.
- 5+ years of progressive experience working in the information
security space with demonstrated lead/leadership roles.
- Strong knowledge of common information security management
frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA and deep
knowledge and understanding of relevant legal and regulatory
requirements/standards applicable to the firm.
- Experience managing multiple, simultaneous, and high-profile
information security initiatives.
- High level of personal integrity, as well as the ability to
professionally handle confidential matters, and show an appropriate
level of judgement and maturity.
- Exhibit strong written and verbal communication skills,
interpersonal and collaborative skills with the ability to
collaborate with all parts and levels of the organization.
- Demonstrated experience and in-depth knowledge of IT,
information security, risk and compliance.
- to ensure security tools are effectively utilized and
operating, identify gaps in process or procedure and implement new
- Ability to influence cross-functional team members without a
direct reporting relationship.
- Ability to advise and influence both senior IT and business
leaders as well as technical staff from all IT disciplines.
- Ability to manage a team of resources associated with
Governance, Risk & Compliance including offering strong leadership,
coaching and mentoring to the team.
- Experience with RSA Archer GRC preferred.
BENEFITS
Grant Thornton LLP promotes a nationally recognized culture of
health and offers an extensive array of benefits to meet individual
lifestyles. For a complete list of benefits, please visit
www.gt.com.
It is Grant Thornton's policy to promote equal employment
opportunities. All personnel decisions, including, but not limited
to, recruiting, hiring, training, promotion, compensation, benefits
and termination, are made without regard to race, creed, color,
religion, national origin, sex, age, marital status, sexual
orientation, gender identity, citizenship status, veteran status,
disability or any other characteristic protected by applicable
federal, state or local law.
FOR LA PROPER ONLY: We will consider all qualified Applicants for
employment, including those with criminal histories, in a manner
consistent with the requirements of applicable state and local laws,
including the city of Los Angeles' Fair Chance Initiative for Hiring
ordinance.