IT Risk Cyber Internal Audit Experienced Associate

Grant Thornton LLP•New York, NY

29d•$73,400 - $110,200

About The Position

As a member of Grant Thornton's Cybersecurity Internal Audit (IA Cybersecurity) team, you will have the opportunity to collaborate with our clients and deliver consulting and advisory services across a broad spectrum of areas related to cyber risk. You will support clients in evaluating and enhancing their Cybersecurity risk posture through internal audits, control testing, and maturity assessments. You'll work closely with cross-functional teams to assess risks, test controls, and provide actionable insights aligned with industry standards and regulatory frameworks. As an IA Cybersecurity Risk Associate, you will get the opportunity to contribute to our clients' business needs and grow within our practice by applying a collection of Cybersecurity capabilities, including governance, risk assessments, control testing, and technology operations for the Cybersecurity practice, all with the resources, environment, and support to help you excel. From day one, you'll be empowered by the greater Risk Advisory team to help clients make the moves that will help them achieve their vision and help you grow your Cybersecurity knowledge.

Requirements

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field is required.
2+ years of experience in Cybersecurity, internal audit, or IT risk.
Familiarity with Cybersecurity frameworks and standards including (but not limited to): NIST CSF, NIST 800-53, NIST 800-171 CSA CCM ISO/IEC 27001, ISO/IEC 27002 HIPAA, FedRAMP, GLBA, CCM COBIT, HITRUST, PCI DSS
Foundational understanding of IT, Cybersecurity, cloud security, data protection, vulnerability management, and incident response.
Strong understanding of the cloud shared responsibility model and how that may impact clients'
Ability to communicate clearly and effectively (oral and written) with all internal and external stakeholders.
Exceptional client service, communication, analytical, and organizational skills.
Strong project management skills and the ability to execute multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
Ability to travel to client locations (as needed).

Responsibilities

Assist in planning and executing Cybersecurity internal audits, risk assessments, and control testing engagements.
Assist with performing Cybersecurity control testing and Cybersecurity program capability assessments.
Conduct Cybersecurity maturity assessments using frameworks such as NIST CSF, CSA CCM, ISO/IEC 27001, COBIT, and HITRUST.
Support assessments for regulatory compliance including HIPAA, FedRAMP, GLBA, and state-led data breach notification laws.
Document audit findings, develop risk-based recommendations, and contribute to client deliverables.
Assist organizations with identifying recommendations and developing roadmaps to mitigate cyber risks and enhance overall Cybersecurity posture.
Collaborate with senior team members to identify emerging risks and recommend mitigation strategies.
Participate in walkthroughs, and workshops with client stakeholders to understand information security/ cybersecurity processes and technology environments.
Stay current on Cybersecurity trends, threat landscapes, and regulatory developments. This includes technical familiarity with common Cybersecurity tools, cloud environment/architecture, and threat vectors.
Assist with executing remediation plans resulting from assessment activities.
Support client engagements from start to finish, which includes planning, fieldwork, and reporting.
Participate in professional development activities and training sessions on regular basis.
Adhere to the highest degree of professional standards and strict client confidentiality.
Other job duties as assigned.