Grant Thornton is looking for an innovative Director of Global Cyber Risk Operations to play a pivotal role in shaping the future of our Cyber Risk Operations Center (ROC). This is an excellent opportunity for a dynamic leader who is eager to design, build, and lead a comprehensive approach to identifying, assessing, and mitigating technology and infrastructure risks throughout our organization.
As the ideal candidate, you will possess extensive hands-on technical expertise, keen risk judgment, and the capability to transform technical challenges into actionable, business-focused risk strategies. You will collaborate closely with global stakeholders from infrastructure, cloud, engineering, identity access management (IAM), compliance, and third-party teams.
Key Responsibilities
Cyber Risk Operations & Strategy
- Establish a cutting-edge Cyber Risk Operations Center (ROC) encompassing operating models, workflows, tool integration, metrics, and governance.
- Implement a standardized framework for identifying, prioritizing, tracking, and remediating cyber and infrastructure risks.
- Work in tandem with security architecture, infrastructure, cloud, and application teams to integrate risk management seamlessly into everyday operations.
Technology & Infrastructure Risk Management
- Manage technology risk visibility across diverse environments: on-premises, cloud, hybrid, and SaaS.
- Lead comprehensive risk assessment and exception management processes, ensuring effective risk acceptance, compensating controls, and executive-level risk reporting.
- Advocate for secure configuration assessments aligned with industry benchmarks (CIS, NIST, Microsoft).
Cloud Exposure & Attack Surface Management
- Oversee cloud security health, exposure management, and attack path analysis in Azure and multi-cloud settings.
- Utilize advanced tools to identify risky configurations and high-risk attack paths while collaborating with cloud engineering teams to prioritize remediation efforts.
Vulnerability & Endpoint Risk
- Lead vulnerability management initiatives and endpoint exposure programs leveraging top tools to ensure effective prioritization.
- Focus on risk-based prioritization that goes beyond CVSS, taking into account exploitability and criticality of assets.
Identity & Access Risk
- Supervise identity and access risk management, including addressing privileged access and configuration gaps.
- Collaborate with IAM to strengthen defenses against identity-driven attacks and enforce least privilege practices.
Third-Party Risk Management
- Lead cyber risk governance related to third-party and supply chain risks, focusing on ongoing monitoring and issue resolution.
- Embed third-party risk insights into the enterprise risk landscape and reporting frameworks.
Leadership & Stakeholder Engagement
- Build and inspire a high-performing global team of cyber risk professionals.
- Clearly communicate complex technical risks to senior executives, auditors, and non-technical stakeholders.
- Regularly update senior leadership on risk posture, addressing trends and critical issues.
Required Qualifications
- 12+ years in cybersecurity, infrastructure security, or technology risk, with over 5 years in senior leadership roles.
- Extensive technical background in enterprise infrastructure and cloud platforms (especially Azure) including security architecture.
- Proficient in using tools such as Qualys, CrowdStrike, Wiz, Azure Security Center, and Microsoft Entra ID.
- Demonstrated experience building cyber risk and vulnerability management programs.
- Strong familiarity with cyber risk frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS).
- Ability to translate complex technical findings into relevant business risk insights.
Preferred Qualifications
- Experience in establishing centralized risk operations or exposure management functions.
- Background in regulated or global enterprise environments.
- Knowledge of SOC 2, cloud compliance, and risk management in audit-driven contexts.
- Relevant certifications (CISSP, CISM, CCSP, CRISC, or equivalent).
The base salary range for this position in specific offices is:
- Chicago, IL, Downers Grove, IL, Cleveland, OH, Minneapolis, MN, Reno, NV, Denver, CO, and Baltimore, MD: $187,500 - $312,500 per year.
- Washington, DC, Boston, MA, Bellevue, WA, Los Angeles, CA, Newport Beach, CA, San Diego, CA, Edison, NJ, New York, NY, and Melville, NY: $202,500 - $337,500 per year.
- San Francisco, CA, and San Jose, CA: $215,625 - $359,375 per year.
At Grant Thornton, we focus on personal connections and building trust to deliver exceptional results. We offer more opportunities, flexibility, and support than typical professional services roles. Join a collaborative team committed to fostering your career and personal growth.
Consistent with our hybrid work model, this position requires in-person attendance at least three days a week, either at a Grant Thornton office or client site. We encourage work-li