DIRECTOR, INFORMATION SECURITY

Company: CTI Education Group
Location: Downers Grove
Posted on: February 23, 2021

Job Description:

Grant Thornton is an equal opportunity employer Job Description - Director, Information Security (048545) Job Description Director, Information Security ( Job Number: 048545 ) Description Grant Thornton LLP (Grant Thornton) is the U.S member firm of Grant Thornton International Ltd., one of the world's leading organizations of independent audit, tax and advisory firms. We've never been a typical professional services firm. We put people first, and that is what sets us apart.

As one of the fastest-growing professional services firms in the world, Grant Thornton LLP is continuously seeking top talent. Discover a place where you'll work with a team of professionals, dedicated to providing bold leadership and distinctive client service. Spend each day engaged in meaningful and challenging work. Be supported in your professional growth and recognized for your contributions. Role Description: Grant Thornton is looking for a Director, Information Security which is a leadership role in driving programs and project work streams related to information security governance, risk and compliance. This role will report into the CISO and is expected to be an information security leader, mentoring team members while partnering with other firm leaders to develop, implement and maintain effective information security processes across the firm. The ideal candidate is:

• a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
• a security and risk thought leader experienced in strategic planning, governance, risk, compliance and overall program management.
• Establish and execute a firm-wide information security program to ensure that the confidentiality, integrity, and availability of information is owned, controlled or processed, stored and transmitted in a manner compliant with firm policies and standards.
• Develop a multi-year information security strategy that addresses identified risks and security requirements.
• Develop and maintain information security policies, standards, guidelines and oversee their dissemination across GT.
• Own and manage the information security committee structure and working groups.
• Oversee information security training & awareness program and maturity.
• Identify knowledge gaps to increase awareness of relevant information security practices.
• Oversee the information security incident management program and creation of the incident response plan.
• Supervise the management of the RSA Archer GRC use case implementations.
• Define and mature the risk management program to include third party risk, application security, end user computing, project due diligence.
• Define and mature the identity & access management program to include oversight of access reviews, implementation of multi-factor authentication, manage and monitor privileged access.
• Guide the creation and oversight of threat & vulnerability management processes.
• Liaise with External Client Services (ECS) and Internal Client Services (ICS) as needed to ensure that GT maintains a strong security posture.
• Oversee the cloud security program across the firm including the CASB.
• Liaise with privacy and compliance team to ensure appropriate support is provided over privacy and compliance activities.
• Monitor external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
• Ensure oversight over a managed security service provider.
• Liaise with IT and a managed service provider.
• Establish metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program.
• Provide regular reporting on current state of information security program to the executive management team and committees as appropriate.
• Maintain professional and technical knowledge by attending educational workshops, professional publications, establishing personal networks, and participating in professional societies. Qualifications
  • BS or MA in Computer Science, Information Security, or a related field (e.g., IT Audit, Enterprise Risk Management, etc.) or equivalent work experience.
  • Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM).
  • 15+ year's working within Information Security, with a strong understanding of Governance, Risk and Compliance.
  • 5+ years of progressive experience working in the information security space with demonstrated lead/leadership roles.
  • Strong knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA and deep knowledge and understanding of relevant legal and regulatory requirements/standards applicable to the firm.
  • Experience managing multiple, simultaneous, and high-profile information security initiatives.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgement and maturity.
  • Exhibit strong written and verbal communication skills, interpersonal and collaborative skills with the ability to collaborate with all parts and levels of the organization.
  • Demonstrated experience and in-depth knowledge of IT, information security, risk and compliance.
  • to ensure security tools are effectively utilized and operating, identify gaps in process or procedure and implement new solutions accordingly.
  • Ability to influence cross-functional team members without a direct reporting relationship.
  • Ability to advise and influence both senior IT and business leaders as well as technical staff from all IT disciplines
  • Ability to manage a team of resources associated with Governance, Risk & Compliance including offering strong leadership, coaching and mentoring to the team.
  • Experience with RSA Archer GRC preferred. BENEFITS
    
    Grant Thornton LLP promotes a nationally recognized culture of health and offers an extensive array of benefits to meet individual lifestyles. For a complete list of benefits, please visit www.gt.com . It is Grant Thornton's policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law. FOR LA PROPER ONLY: We will consider all qualified Applicants for employment; including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the city of Los Angeles' Fair Chance Initiative for Hiring ordinance.

Keywords: CTI Education Group, Downers Grove , DIRECTOR, INFORMATION SECURITY, Executive , Downers Grove, Illinois