Director, Cyber Risk Operations (Global ROC)

About The Position

Requirements

• 12+ years of experience in cybersecurity, infrastructure security, or technology risk, with 5+ years in senior leadership roles.
• Deep technical background in enterprise infrastructure, cloud platforms (especially Azure), identity systems, and security architecture.
• Hands-on experience with tools such as Qualys, CrowdStrike, Wiz, Azure Security/Defender, and Microsoft Entra ID.
• Proven experience building or scaling cyber risk, vulnerability management, or exposure management programs.
• Strong understanding of cyber risk frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS).
• Demonstrated ability to translate technical findings into business-relevant risk decisions.

Nice To Haves

• Experience standing up a centralized risk operations or exposure management function.
• Background in highly regulated or global enterprise environments.
• Familiarity with SOC 2, cloud compliance, and audit-driven risk management.
• Relevant certifications (CISSP, CISM, CCSP, CRISC, or equivalent).

Responsibilities

• Design and stand up a global Cyber Risk Operations Center (ROC), including operating model, workflows, tooling integration, metrics, and governance.
• Define and operationalize a consistent framework for identifying, prioritizing, tracking, and remediating cyber and infrastructure risk.
• Partner with security architecture, infrastructure, cloud, and application teams to embed risk management into day-to-day operations.
• Own enterprise technology risk visibility across on-prem, cloud, hybrid, and SaaS environments.
• Lead risk assessment and exception management processes, including risk acceptance, compensating controls, and executive-level risk reporting.
• Drive secure configuration assessment and risk management aligned to industry standards (CIS, NIST, Microsoft benchmarks, etc.).
• Oversee cloud security posture, exposure management, and attack path analysis across Azure and multi-cloud environments.
• Leverage tools such as Wiz, Azure Security Center / Defender, and related platforms to identify toxic combinations, misconfigurations, and high-risk attack paths.
• Partner with cloud engineering teams to prioritize remediation based on risk and business impact.
• Lead vulnerability management and endpoint exposure programs using tools such as Qualys and CrowdStrike.
• Ensure risk-based prioritization of vulnerabilities beyond CVSS, incorporating exploitability, asset criticality, and exposure.
• Oversee identity-related risk management, including privileged access, misconfigurations, and conditional access gaps using Microsoft Entra ID and related tooling.
• Partner with IAM teams to reduce identity-driven attack paths and enforce least privilege at scale.
• Own the cyber risk aspects of third-party and supply chain risk, including technology assessments, ongoing monitoring, and issue remediation.
• Integrate third-party risk insights into enterprise risk reporting and decision-making.
• Build and lead a high-performing, globally distributed team of cyber risk professionals.
• Communicate complex technical risk clearly to executives, auditors, and non-technical stakeholders.
• Provide regular risk posture updates to senior leadership, including trends, systemic issues, and material risks.

Benefits

• Whether it’s your work location, weekly schedule, or flex time off, we empower you with the options to work in the way that best serves your clients and your life. Consistent with the firm’s hybrid work model, this position will require in-person attendance at least two days per week, either at a GT office or client site. 
• Here, you are supported to prioritize your overall well-being through work-life integration options that work best for you and those in your household. 
• We understand that your needs, responsibilities and experiences are different — and we think that’s a good thing. That’s why we support you with personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations that make you, well, you. See how at www.gt.com/careers
• Benefits for internship positions: Grant Thornton interns are eligible to participate in the firm’s medical, dental and vision insurance programs and the firm’s employee assistance program. Interns also receive a minimum of 72 hours of paid sick leave and are paid for firm holidays that fall within their internship period.
• Benefits for seasonal employee positions: Grant Thornton seasonal employees are eligible to participate in the firm’s medical, dental and vision insurance programs and the firm’s employee assistance program. Seasonal employees may also be eligible to participate in the firm’s 401(k) savings plan and employee retirement plan in accordance with applicable plan terms and eligibility requirements. Seasonal employees receive a minimum of 72 hours of paid sick leave. 
• Grant Thornton employees may be eligible for a discretionary, annual bonus based on individual and firm performance, subject to the terms, conditions and eligibility criteria of the applicable bonus plan or program. Interns and seasonal employees are not eligible for bonus compensation.