As companies become increasingly reliant on their vendors, suppliers, and other partners for business-critical capabilities, they need to mitigate associated cyber risks and exposures. Grant Thornton’s Third Party Cyber Risk practice addresses these security and control issues. We are looking for consultants with extensive consulting and third party risk management experience who will help our clients solve their most complex business issues from strategy through execution. A cyber risk consulting career will provide you the opportunity to grow, while helping our clients address their most pressing business issues through the application of our third party risk management solutions.
Our Third Party Cyber Risk services help our clients understand and mitigate risks associated with third party providers, emphasize risk management as a collective priority, and develop and implement solutions addressing the most pressing challenges across governance, people, processes, and technologies. We provide the foundations to design, manage and operate a third party cyber risk program aligned to business strategy, and increase organizational resilience in the face of an ever-changing threat landscape.
This role is primarily remote; occasional domestic travel to client sites may be required.
Essential Duties and Responsibilities
Adhere to the highest degree of professional standards and strict client confidentiality
Execute assigned client engagements from start to finish, which includes the engagement planning, directing, and completion of third-party risk program strategy, design, or implementation engagements while managing those engagements to budget
Apply current knowledge of third party risk management and monitoring industry trends to identify security and risk management issues and other opportunities for improvements
Work with clients to plan an engagement strategy, define objectives, and address third party security control risks and issues
Proactively interact with key client management to gather information, resolve problems, and make recommendations for improvements
Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment
Participate in professional development activities and training sessions on a regular basis
Other duties as assigned
Minimum Year(s) of Experience: 5 years
Experience designing and implementing third party risk management programs in either an advisory or in-house capacity
Experience leveraging third party risk scoring / attack surface assessment approaches and technologies
Designing and implementing control assessment processes leveraging industry standard frameworks (e.g., NIST CSF)
Successful track record of interfacing with a diverse set of executive stakeholders outside of security – business units, procurement, legal, finance – to achieve third party risk mitigation outcomes
Experience developing third party risk policies and procedures
Experience leveraging Governance, Risk, and Compliance (GRC) technologies, or third-party risk purpose-built tools to streamline workflows
Familiarity with US-based and global regulatory and compliance regimes relevant to cybersecurity, privacy, and/or third party risk management
Developing and managing third party incident response workflows
Take ownership of your work, by performing self-reviews of all work performed.
Produce high quality deliverables on client engagements requiring little re-work. Ensure they are on time and well organized.
Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
Ability to deal with ill-defined problems and propose coherent solutions for the client.
Execution of assigned client engagements from start to finish, which includes the engagement planning, directing, and completion while managing those engagements to budget.
Manage the team comprising seniors and associates; provide mentorship and coaching to facilitate professional growth and development.
Apply current knowledge of third party risk management trends to identify security and risk management issues and other opportunities for improvement.
Assist clients in developing and executing risk management activities.
Participate in client calls as third-party risk management subject matter expert; provide solutions best fitted to the requirements and in line with industry best practices.