Senior Associate, Cybersecurity compliance (global role in a virtual working environment)

Grant Thornton International Ltd
Bedford
6 months ago
Applications closed

Related Jobs

View all jobs

Cybersecurity & Connectivity Engineer

It Manager

IT Manager

Digital Systems Lead

Devops Engineer

EHC Practitioner

About Grant Thornton


Grant Thornton is one of the world’s leading professional services networks with member firms in 150 markets, 76,000 people and global revenues of $8bn. Member firms offer audit, tax, and advisory services to privately owned companies, publicly listed companies, public sector and not for profit organisations, both domestically and internationally.

Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms. GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network. GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UN’s Sustainable Development Goals (SDGs).


Overall role purpose


In our Go Beyond network strategy 2025 our vision is to become ‘the most valued network in the profession’.


The primary purpose of this role is to support Grant Thornton International Ltd.’s internal cybersecurity assessment programme, which monitors our global network of Member Firms for compliance against our information security framework.


The ideal candidate will have experience evaluating IT Infrastructure Security technologies, IT general computer controls, industry frameworks (e.g. NIST) and will bring strong information technology audit or security consulting experience to the programme.


Location


United Kingdom/Europe


Main responsibilities


The Senior Associate will support with the implementation of the cybersecurity compliance programme, including:


  • Collaboration with IT assurance engagement teams across the GT network
  • Review of data and evidence obtained in the field, including reviews for completeness, consistency and clarity.
  • Evaluate cybersecurity risks and advise on risk mitigation activities.
  • Engagement with compliance colleagues, Technology and Business leaders, including the delivery of reporting material and presentations.
  • Tracking and coordination of follow up remediation cycles for those firms with findings of non-compliance.
  • Drive developments and improvements to the programme for future assessment cycles.


This role will also include broader support to the team such as:


  • Respond to firm enquiries and mailbox management.
  • Provide advice and guidance on a variety of security topics.
  • Develop guides, templates and other material to support the implementation of security standards.
  • Research security best practices and provide appropriate reporting.


Person specification


Education/qualifications


Bachelor’s degree in IT/Computer Science desirable

One of or similar to the following is desirable:


  • CompTIA Security+ or CASP+
  • Associate of (ISC)2
  • ISO27001 Practitioner


Experience – Essential


  • Demonstrable experience in a similar role.
  • Prior experience within a security compliance assurance or auditing position.
  • Understanding of relevant regulatory requirements and assurance processes, including various auditing standards such as NIST and ISO27001
  • Analytical skills to collect, analyse and interpret information and/or data into useful insight
  • Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with senior stakeholders
  • Ability to prioritise and manage a varying workload


Experience - Desirable


  • Experience with using GRC solutions as part of a risk management programme.
  • Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture.
  • Due to the global scope of the role, any multi-language capability would be highly desirable.


Benefits


There are many benefits of being part of Grant Thornton International, working with a global and diverse team in a virtual setting is just one of them. We pride ourselves on our inclusive culture and believe it's one of our most valuable assets.


We also recognise the importance of time off at Grant Thornton International. Taking time away can lead to improved wellbeing and better productivity, which is why we don’t cap your leave. So if you need to take that extra Friday off (and Monday too), no problem.


We believe work is no longer a location, it is what we do. This should help all of us deliver our best work, while achieving the right balance in our lives. We want to build a culture of virtual inclusivity. One where all our people have the ability to choose what works best for them but also provides our people the best shared working experience utilising the digital tools we have available. GTIL will provide individuals with the necessary support and equipment to work effectively from home. We also have a collaborative space to offer should you prefer working outside of your home.


We will offer you access to digital learning options, as well as external training, should you role and development needs require this.


We fully understand the importance of balancing your life and we aim to support that with remote working and flexibility within your role. We understand the time you spend outside of work helps shape what you bring into work, so we encourage flexibility on both sides. However, if you prefer to work from the office, this is also something we offer.


We also understand the importance of working comfortably in a remote office - most likely your home, which is why we offer all staff a monthly home office allowance to ensure you're well equipped and able to undertake your role to the fullest.


These are just some of the benefits of working at Grant Thornton International. We also have a wide range of attractive core benefits including pension, health insurance, wellbeing programmes and much much more.

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

How to Write a Cyber Security Job Ad That Attracts the Right People

Cyber security is now a board-level priority for organisations across the UK. From financial services and healthcare to critical infrastructure, SaaS platforms and the public sector, demand for skilled cyber security professionals continues to grow. Yet despite this demand, many employers struggle to attract the right candidates. Cyber security job adverts often generate large volumes of applications, but few are a genuine match. Meanwhile, experienced security engineers, analysts and architects quietly ignore adverts that feel vague, unrealistic or disconnected from real security work. In most cases, the problem is not a lack of talent — it is the quality of the job advert. Cyber security professionals are trained to assess risk, spot weaknesses and question assumptions. A poorly written job ad signals organisational immaturity and weak security culture. A well-written one signals seriousness, competence and trust. This guide explains how to write a cyber security job ad that attracts the right people, improves applicant quality and positions your organisation as a credible security employer.

Education Jobs

Maths for Cyber Security Jobs: The Only Topics You Actually Need (& How to Learn Them)

If you are applying for cyber security jobs in the UK it can feel like “real security people” must be brilliant at maths. The reality is simpler: most roles do not need degree-level pure maths. What they do need is confidence with a small set of practical topics that show up repeatedly in day-to-day work across SOC, incident response, cloud security, AppSec, threat detection, IAM & security engineering. This guide strips the maths down to what actually helps you get hired. It includes a 6-week learning plan plus portfolio projects you can publish to prove the skills. You will focus on: Number systems & bitwise thinking (binary, hex, bytes, XOR) Modular arithmetic basics (enough to understand how modern crypto “works”) Probability & statistics for detection, triage & risk Discrete maths for logic, sets, graphs & complexity Security maths habits: estimation, false positive control & evidence-led reporting You will not waste time on heavy theory that rarely appears in junior or mid-level cyber security roles.

Jobs

Neurodiversity in Cyber Security Careers: Turning Different Thinking into a Superpower

Cyber security is all about thinking like an attacker, spotting unusual patterns, protecting systems & responding calmly when everything looks like it’s on fire. It’s a discipline built on curiosity, persistence & noticing things other people miss. That’s exactly why it can be such a good fit for many neurodivergent people. If you live with ADHD, autism or dyslexia, you may have been told your brain is “too distracted”, “too literal” or “too disorganised” for a security role. In reality, the traits that can make traditional office work tough often line up beautifully with cyber security work – from hyperfocus in incident response to meticulous analysis in threat hunting. This guide is written for cyber security job seekers in the UK. We’ll look at: What neurodiversity means in a cyber context How ADHD, autism & dyslexia strengths map to different security roles Practical workplace adjustments you can ask for under UK law How to talk about neurodivergence during applications & interviews By the end, you’ll have a clearer sense of where you might thrive in cyber security – & how to turn “different thinking” into a genuine superpower.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.