Be at the heart of actionFly remote-controlled drones into enemy territory to gather vital information.

Apply Now

Senior Associate – Cybersecurity Risk Analyst: BAS Testing and Risk Profiling (Global role – in a virtual working environment)

Grant Thornton International Ltd
Bristol
2 weeks ago
Applications closed

Related Jobs

View all jobs

Senior Associate – Cybersecurity Risk Analyst: BAS Testing and Risk Profiling (Global role – in a virtual working environment)

Senior Associate – Cybersecurity Risk Analyst: BAS Testing and Risk Profiling (Global role – in a virtual working environment)

Cyber Security Analyst

Senior Cyber Security Analyst

Senior Lead, Cybersecurity Supply Chain Risk

Security Analyst

About Grant Thornton


Grant Thornton is one of the world’s leading professional services networks with member firms in over 145 countries, 80,000 people and global revenues of $8bn. Member firms offer audit, tax, and advisory services to privately owned companies, publicly listed companies, public sector and not for profit organisations, both domestically and internationally.


Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms. GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network. GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UN’s Sustainable Development Goals (SDGs).


At GTIL, we encourage applications from individuals of all backgrounds, experiences, and perspectives. We believe talent is everywhere. We actively source and encourage applications from all around the globe to encourage new ways of working and tackling complex challenges together.


Role purpose


In our Go Beyond network strategy 2025 our vision is to become ‘the most valued network in the profession’.


The primary purpose of this role is to support Grant Thornton International Ltd.’s internal cybersecurity adversarial exposure programme, which monitors and validates the technical exposure of our global network of Member Firms against real world cybersecurity threats.

The ideal candidate will have experience with attack surface discovery, exposure management, security controls validation and threat intelligence technologies. Reporting directly to the Director of Cybersecurity Programmes within our compliance workstream, the candidate will bring a strong technical background, combined with an articulate risk profiling mindset.


Main Responsibilities


The Senior Associate will support with the implementation of the global adversarial exposure programme, including:


Security Testing

  • Continuously discover external assets and attribute them to members of our organisation. This insight detects a wide range of exposures, including high risk vulnerabilities, misconfigurations, exploitable administration paths, and additional types of exposed threats.
  • Perform security testing using Breach and Attack simulation products for a variety of scenarios including adversarial simulations and control validation exercises.
  • Collaboration with various operation security teams across the GT network to conduct exercises
  • Manage risk validation to identify attack paths, adversarial context and threat prioritisation.
  • Manage notifications and workflows to support risk remediation processes.


Operational Liaison

  • This role will also liaise closely with the cybersecurity operations team to manage the mutual communication and escalation of identified risks between cyber operations and compliance workstreams.
  • Support the research, analysis and reporting of emerging cyber threats, vulnerabilities, tactics, techniques, and procedures (TTPs)

Risk Profiling

  • Support the analysis, classification, and response to cybersecurity risks within the organisation.
  • Leverage analytics, threat intelligence and other risk indicators from common global security platforms, to develop and manage risk profiling algorithms and dashboards.
  • Develop and manage risk reporting processes for adversarial exposure, to support cybersecurity workstreams and broader risk governance.


Location


UK/Europe


Person Specification


  • Bachelor’s degree in IT/Computer Science desirable
  • Technical certifications are desirable - Certified Ethical Hacker (CEH) – EC Council; Certified Information Systems Auditor (CISA) – ISACA; Offensive Security Certified Professional (OSCP) – Offsec.


Experience - essential

  • Demonstrable compliance or operational experience in a similar role.
  • Prior experience with attack surface discovery, exposure management, security controls validation and/or threat intelligence technologies.
  • Analytical skills to collect, analyse and interpret technical information and/or data into useful insight
  • Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with various stakeholders
  • Ability to prioritise and manage a varying workload


Experience - desirable

  • Operational delivery of red teaming or penetration testing exercises
  • Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture.
  • Due to the global scope of the role, any multi-language capability would be desirable


Benefits

There are many benefits of being part of Grant Thornton International, working with a global and diverse team in a virtual setting is just one of them. We pride ourselves on our inclusive culture and believe it's one of our most valuable assets.


We also recognise the importance of time off at Grant Thornton International. Taking time away can lead to improved wellbeing and better productivity, which is why we don’t cap your leave. So if you need to take that extra Friday off (and Monday too), no problem.


We believe work is no longer a location, it is what we do. This should help all of us deliver our best work, while achieving the right balance in our lives. We want to build a culture of virtual inclusivity. One where all our people have the ability to choose what works best for them but also provides our people the best shared working experience utilising the digital tools we have available. GTIL will provide individuals with the necessary support and equipment to work effectively from home. We also have a collaborative space to offer should you prefer working outside of your home.


Additional note

At GTIL, we understand that AI tools can be valuable resources during the application process. If you make use of AI, we encourage you to do so responsibly. We also want to hear your unique views and perspectives and look forward to hearing them during any interviews. AI should not be used for interview responses, test answers or note-taking. If you wish to use AI for note-taking, you must disclose this in advance. Alternatively, you may request a copy of the transcript at the start of the call.

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Careers

The Future of Cybersecurity Jobs: Careers That Don’t Exist Yet

Cyber security has become one of the most critical issues of our age. Once regarded as a technical problem confined to IT departments, it is now a board-level priority, a government mandate, and a daily necessity for individuals. The shift towards cloud services, remote working, connected devices, and artificial intelligence has dramatically increased the risks of digital attacks. In the UK, cyber security is central to national resilience. The government has identified cyber as a “tier one” threat to national security, alongside terrorism and pandemics. The private sector, from banks to retailers, now sees data breaches and ransomware as existential risks. Global spending on cyber security is projected to exceed $250 billion by 2030, with the UK already home to a thriving cyber industry employing tens of thousands. Yet, as powerful as the industry already is, we are only at the beginning. The technologies shaping the next two decades—AI, quantum computing, edge computing, extended reality, and biotechnology—will radically reshape cyber security. Many of the most vital cyber security jobs of the future don’t exist yet. This article explores why new roles will emerge, the careers likely to appear, how today’s jobs will evolve, why the UK is well-positioned, and how professionals can prepare now.

Jobs

Seasonal Hiring Peaks for Cybersecurity Jobs: The Best Months to Apply & Why

The UK's cybersecurity sector has emerged as one of the most critical and lucrative technology markets, with roles spanning from security analysts to penetration testers and chief information security officers. With cybersecurity positions commanding salaries from £28,000 for junior security analysts to £140,000+ for senior security architects, understanding when organisations actively recruit can dramatically impact your career trajectory in this essential field. Unlike traditional IT sectors, cybersecurity hiring follows distinct patterns influenced by threat landscapes, regulatory compliance cycles, and incident response requirements. The sector's unique combination of perpetual threat evolution, regulatory pressures, and skills shortages creates predictable hiring windows that strategic professionals can leverage to advance their careers in protecting Britain's digital infrastructure. This comprehensive guide explores the optimal timing for cybersecurity job applications in the UK, examining how cyber threat cycles, compliance deadlines, and government initiatives influence recruitment patterns, and why strategic timing can determine whether you join a cutting-edge security consultancy or miss the opportunity to defend against tomorrow's cyber threats.

Jobs

Pre-Employment Checks for Cyber Security Jobs: DBS, References & Right-to-Work and more Explained

The cyber security sector in the UK stands at the forefront of protecting national infrastructure, business operations, and personal data from increasingly sophisticated cyber threats. As organisations across all sectors recognise cyber security as a critical business function, employers are implementing the most rigorous pre-employment screening processes in the technology industry to ensure they recruit professionals capable of defending against advanced persistent threats and maintaining the highest standards of security and trustworthiness. Whether you're a penetration tester, security analyst, incident response specialist, or chief information security officer, understanding the comprehensive vetting requirements is essential for successfully advancing your career in this security-critical field. This detailed guide explores the extensive background checks and screening processes you'll encounter when applying for cyber security positions in the UK, from fundamental eligibility verification to the most stringent security clearance requirements and specialised threat intelligence assessments.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.