Cyber Security and Privacy Senior Associate – ServiceNow

Essential Duties and Responsibilities

  • Participating in the solution development process and ensuring that customer requests and needs are represented within the product
  • Designing and deployment of enterprise software solutions, including on-site implementations and cloud-based capabilities
  • Assisting with performing technical and competitive analysis of ServiceNow GRC, SecOps, Third Party and IT Asset Management solutions, including performance, debugging and other operational metrics.
  • Familiarity with risk standards and models is preferred.
  • Familiarity with Governance, Risk and Compliance platforms is preferred, especially ServiceNow
  • Familiarity with ServiceNow Performance Analytics is a plus
  • Familiarity with IT Asset Management solutions is a plus
  • Familiarity with risk reporting and dashboard solutions, including Business Intelligence platforms, is a plus
  • Ability to communicate difficult subject matter in a clear and concise fashion is important.
  • Ability to work with different delivery teams to support technology capabilities as part of larger projects is required.
  • Ability to consider non-traditional approaches to solve traditional security challenges is important.
  • Experience in offshore team- and capability-development is preferred.
  • Communicate (verbally and in writing) externally with clients and internally with all levels of the organization to successfully accomplish objectives portraying knowledge and confidence.
  • Motivate others to perform at maximum efficiency without sacrificing quality of the services delivered.
  • Maintain a good working relationship with clients and work effectively with client management and staff at all levels to gather information and perform services.
  • Work closely with Grant Thornton managers and partners to promptly identify and resolve client problems or issues.
  • Other duties as assigned


  • Bachelor’s degree in Computer Science, Information Systems, or related field.
  • 1+ years of related work experience in a similar consulting practice or function, servicing cross-industry clients at a national level.
  • Must have minimally 1 + years of related work experience with GRC platforms
  •  Must have, or be willing and able to obtain, one or more of the following certifications: CISSP
  • Demonstrated working knowledge of various standards and guidelines that are applicable to security practices such as ISO, NIST, COBIT and others.
  • Expert-level proficiency in Microsoft Office Suite, specifically Microsoft Word and Microsoft Power Point.
  • Must have excellent oral and written communication skills
  • Ability to think strategically
  • Ability to understand regulatory impacts to client strategies
  • Ability to travel on short notice and work additional hours as necessary.

HITRUST Consultant


The HITRUST Common Security Framework, “HITRUST CSF”, is a risk based, prescriptive security and privacy framework that streamlines compliance of multiple regulations, risk factors, and standards. The HITRUST Assessor will work closely with clients and other team members, under the direction of an Executive Sponsor, to guide customers through the process of HITRUST Readiness and Validated Assessment to submit to the HITRUST Alliance for Certification.

A good candidate for this position is individuals looking to apply information security and privacy focused frameworks and methodologies to expand their knowledge and skills in diverse and complex data privacy regulations on a global basis. Secondarily this role will provide guidance in implementation of various frameworks for security and privacy.

Role Responsibilities

  • Work closely with clients to understand systems and business functions in order to determine the scope of their HITRUST assessments
  • Review and evaluate an organization’s information security posture for compliance with the HITRUST CSF and other relevant frameworks
  • Develop a GAP assessment with prioritized remediations
  • Assist organizations with the implementation of a remediation plan to strengthen information security posture
  • Research and understand Security and Privacy matters
  • Communicate IT, Security, and Privacy concepts to an organization as it relates to the inscope environment
  • Develop and execute test plans to validate an organization’s compliance with the HITRUST CSF for certification submission

Qualifications and Requirements

  • BA/BS in information technology, business administration, or related field preferred
  • 5+ years in a security/privacy consulting position
  • High attention to detail with a focus on persistent and timely follow-up
  • Certifications in HIPAA (HCISPP) and or HITRUST (CCSFP, CHQP) is a plus
  • Certifications in Security and/or Privacy Technology (CISSP, CIPP) is a plus
  • Prior Big 4 consulting experience is a significant plus
  • *Post COVID-19 – this position may include travel up to 25%

Employee Perks

  • Medical, vision, and disability insurance program
  • Employer-funded life insurance for all employees
  • Unlimited vacation policy with a requirement to take at least two weeks
  • Encourage and compensate for advanced training, certifications, and industry events
  • Have a voice and be heard with the opportunity to make a positive difference