IT Audit and Systems Security Manager
IT AUDIT & SYSTEMS – SECURITY MANAGER/CONSULTANT

POSITION SUMMARY

As companies become increasingly dependent on information technology (IT) to conduct daily business activities, they need to control and secure their overall technology infrastructure to address integrity, availability, confidentiality and privacy issues. Grant Thornton's Business Advisory Services (BAS) practice addresses these controls and security issues. BAS offers an opportunity for you to leverage your information security, IT auditing and accounting experience to broaden your business and project management skills in a rewarding and challenging environment. BAS focuses on reviewing operational, financial, and technology processes to provide management with an independent assessment of business risk, internal control, and the overall effectiveness and efficiency of the process.

The BAS IT Security Manager is responsible for all phases of project and engagement management for multiple clients, in a wide variety of industries. Responsibilities include planning, directing, and completing information security assessments, information systems audits, and business process control review engagements; conducting IT activities related to assurance and due diligence audits; and developing and managing staff. The BAS IT Security Manager works closely with partners and staff on client management, practice development, and business development. The BAS IT Security Manager is responsible for standard application of security practice across BAS IT and will participate in development of standard security service methodologies with other Grant Thornton offices.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

- Adhere to the highest degree of professional standards and strict client confidentiality.
- Manage, direct, and monitor client services teams on multiple engagements; plan, execute, direct, and complete information systems audits, business process control reviews, and other service offerings in a wide variety of industries; and manage to budget.
- Understand and manage firm risk on audits and proposals.
- Develop a project vision and set challenging personal and client service team goals.
- Manage, develop, train, and mentor staff on projects and assess performance for engagement and year-end reviews.
- Review operational, financial, and technology processes to provide management with an individual assessment of business risk, internal control, and the overall effectiveness and efficiency of the process.
- Work closely with clients and staff to develop client and project risk assessments, implement opportunities, and recommendations regarding business and IT process optimization, profit improvement, internal control, and compliance.
- Work with audit and assurance teams and the client to plan engagement strategy, define objectives, and address technology-related controls risks.
- Work with management consulting teams to implement controls in new systems deployment.
- Lead security risk and vulnerability assessments to identify client business risks.
- Evaluate and test business processes and business controls and identify areas of risk.
- Apply current knowledge of IT trends and IT systems processes to identify security engagement issues and risk management issues.
- Lead engagements performing general computer and application controls reviews.
- Lead the development and implementation of Business Recovery and Continuity Plans.
- Lead the performance of security and penetration studies.
- Participate in internal auditing outsourcing and co-sourcing engagements for clients.
- Think strategically about practice enhancements and be able to embrace and manage change.
- Maintain active communication with clients to manage expectations, ensure satisfaction, make sure deadlines are met, and lead change efforts effectively.
- Consult, work with, and service client base to make recommendations on business and process improvement and serve as a business advisor to client.
- Work closely with partners, managers, and staff to integrate practice development skills into a team approach to client service and new business development.
- Team with partners and senior managers on proposals and business development calls.
- Maintain strong client relations and cross-sell services within the assigned group of clients.
- Recruit and retain senior associates and associates.
- Coach senior associates and associates in developing and achieving goals and objectives for performance and professional development.
- Attend professional development and training sessions on a regular basis.
- Perform other job-related duties as necessary.

QUALIFICATIONS AND REQUIREMENTS:

- Bachelor's degree in Information Technology, Accounting, or Finance.
- Six to ten years of experience at a senior consultant level in a similar practice or function with a Big 4 firm, servicing cross-industry clients at a national level or experience in industry in Internal EDP Audit or Internal IT Audit.
- Certification/license as CISA, CISSP, ISSAP, ISSAM, CPP, or CISM. NSA IAM is desired. CCIE, CIA, CPA, PMP or CFE preferred.
- Experience performing business-based risk assessments, external penetration tests, internal technical vulnerability tests, and security policy and practice development.
- Ideal candidates have a demonstrated knowledge of vulnerability assessment tools (e.g., Internet Security Scanner) and methods.
- Experience performing financial, operational, and system audits, as well as business process control reviews. Knowledge and experience related to IT audits and Information Technology operations. Knowledge and experience with numerous business cycles and multiple accounting software applications is desired. Sarbanes-Oxley Section 404 experience is a plus.
- Demonstrated ability to mentor and train senior associates and associates in information security disciplines.
- Areas of expertise should include at least some of the following: access control software, security architecture and administration, Internet use/firewalls, network security awareness and enforcement, security policies and standards, operating systems (Windows NT/2000/2003, UNIX/Linux, AS400, Novell).
- Strong experience in staff and audit management in an integrated client service team.
- Ability to manage and develop staff in a highly interactive team environment.
- Practice development experience is preferred.
- Exceptional client service and communication skills with a demonstrated ability to develop and maintain outstanding client relationships.
- Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
- Strong leadership, business development, recruiting, training, coaching, and mentoring skills, coupled with excellent written, interpersonal, and presentation skills.
- Computer expertise including proficiency in Microsoft Office Suite applications software and MS Project and an understanding of the impact of technology.

Additional Information:

Travel Percentage: 90%