Manager - Cybersecurity operations (Global role – in a virtual working environment)

About Grant Thornton

Grant Thornton is one of the world’s leading professional services networks with over 68,000 people from member firms in over 140 markets around the world generating global revenues of USD7.2 billion a year. Member firms offer audit, tax, and advisory services to privately owned companies, publicly listed companies, public sector and not for profit organisations, both domestically and internationally.

Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms. GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network. GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UN’s Sustainable Development Goals (SDGs).

Role purpose

In our Go Beyond network strategy 2025 our vision is to become ‘the most valued network in the profession’.

The Manager of Cybersecurity Operations plays a crucial role in managing the proactive, operational and reactive cybersecurity posture for GTIL and member firms globally.

Reporting directly to the lead of GTIL’s cybersecurity operations and with key relationships to IT Operations and the Managed Security Service Provider (MSSP), this role provides subject matter expertise and orchestration across a wide range of cybersecurity services and solutions. This includes planning, implementation, operations, maintenance and continual improvement of these services and solutions to provide the best insight, protection and value for the organisation.

Main Responsibilities

Cybersecurity Operations

• Manage the various cybersecurity operational and monitoring tools for GTIL (and globally where tools extend across Member Firms).
• Liaise with the various Business Unit stakeholders, MSSP, and cybersecurity vendors, with regards to planning, provision and maintenance of operational and monitoring tools.
• Liaising with the GTIL Security Architect and IT Operations to implement responsibility and accountability across Identity Access Management (IAM) services.
• Respond to, redirect or escalate GTIL and Member Firm queries, in relation to impacting cybersecurity operations and potential threats.
• Oversee the security training and awareness programmes for GTIL.
• Hold various privileged functional roles within cybersecurity and IT operational platforms, as defined by team RACI models.
• Function as cybersecurity proxy on the IT/Shared Services Change Advisory Boards (CAB).
• Develop and maintain documentation of cybersecurity operations.

Cybersecurity Engineering Support

• Enforce security policies via technical configuration and end user awareness.
• Assist in successfully planning, testing, validating, and documenting secure configurations across multiple core platforms.
• Manage the identification, classification, labelling and protection of data across various productivity platforms.
• Actively participate in industry-specific threat intelligence sharing groups and forums to contribute insights and gain valuable knowledge on emerging threats.
• Design and implement advanced threat intelligence capabilities, including the development of automated processes for data collection, analysis, and dissemination.
• Assist in improving implementation of automated incident response via SOAR and workflows.
• Determine gaps in technology and processes to identify opportunities for further development.

Risk Engagement – Advisory and Reporting

• Evaluate and advise on existing systems design and operational functions relative to security best practices and compliance requirements.
• Evaluate the security impact of changes to information systems and provide commensurate risk advice.
• Engage in complex technical discussions with other technical teams; Provide clear guidance on the security requirements of those issues or projects.

Proactive – Threat Modelling and Analytics

• Independently research and analyse emerging cyber threats, vulnerabilities, tactics, techniques, and procedures (TTPs)
• Assist in the design and management of appropriate risk management processes to collect, analyse and report on industry wide, imminent and emerging cybersecurity risks to GTIL and member firms.
• Liaise with key IT, Business Unit stakeholders and vendors to conduct technical probing and analysis of GTIL’s information security architecture and defensive controls.
• Assist in testing methods to identify ways that attackers could exploit weaknesses in security systems.
• Assist in the development and maintenance of documentation on vulnerability assessments, threat modelling and risk remediation processes.

Reactive – Incident Response

• Assist in investigating potential security incidents and the degree to which the investigation must happen.
• Determine the need to escalate a security incident to Cyber Operations management.
• Assist in root cause analysis, evaluate capability maturity and optimise future security incident handling through process improvements.
• Assist in development and maintenance of documentation on cyber security incident playbook and runbooks, process workflow, incident handling and response capabilities.

Miscellaneous

• Supporting the Associate Director and other Cybersecurity leadership in meeting and delivering department and strategic objectives.

Location

Ideally within the Americas.

Person Specification

• Bachelor’s Degree OR equivalent post high school education and/or work-related experience in Computer Science, Information Systems, or other Information Technology related field.
• CISSP (Certified Information Systems Security Professional) certification is desired.
• OSCP (Offensive Security Certified Professional) certification is desired.

Experience - essential

• Solid experience of working in Information Security OR a combination of relevant experience
• Demonstrated operational expertise in the following: Vulnerability management, Application security, Endpoint Detection and Response, Edge defence solutions (Firewalls, WAF, IDS/IPS …etc.), Data protection solutions, Endpoint configuration management, Identity and Access Management, Logging and Monitoring (SIEM, User Behaviour Analytics), Incident response planning and invocation, Windows client, server and hyper-visor operating systems, On-premises architecture (security controls and configurations), Cloud architecture (security controls and configurations).
• The job requires effective leadership, communication (verbal and written) and project management skills to work with various levels and divisions within the organization.
• Strong organisational and communication skills
• Ability to learn and adapt to a constantly changing technology and threat landscape.
• This role scope of responsibility will, on occasion, extend to include member firms across the globe, communication and relationship building is a key requirement.
• Provides expertise and solutions for complex initiatives and is capable of making independent decisions.
• Cultural awareness, the ability to work well with people from different disciplines and backgrounds.
• Ability to be agile, respond positively to change and contribute with an innovative and global mindset.

Experience - desirable

• Ethical hacking (red team, penetration testing) experience
• Security Operations Centre (SOC) administration or leadership
• Security automation and orchestration
• Incident response forensic processes

Benefits

There are many benefits of being part of Grant Thornton International, working with a global and diverse team in a virtual setting is just one of them. We pride ourselves on our inclusive culture and believe it's one of our most valuable assets.

We also recognise the importance of time off at Grant Thornton International. Taking time away can lead to improved wellbeing and better productivity, which is why we don’t cap your leave. So if you need to take that extra Friday off (and Monday too), no problem.

We believe work is no longer a location, it is what we do. This should help all of us deliver our best work, while achieving the right balance in our lives. We want to build a culture of virtual inclusivity. One where all our people have the ability to choose what works best for them but also provides our people the best shared working experience utilising the digital tools we have available. GTIL will provide individuals with the necessary support and equipment to work effectively from home. We also have a collaborative space to offer should you prefer working outside of your home.