Grant Thornton LLP Cyber Risk Infrastructure Senior Associate in New York, New York
Grant Thornton is a collaborative, entrepreneurial firm on the move! As part of a dynamic, global organization of more than 42,000 people serving clients in more than 120 countries, we have the agility and focus it takes to be a leader.
Grant Thornton’s Advisory professionals are progressive thinkers who create, protect, transform value today, so our clients have the opportunity to thrive and grow. Our advisory practice creates holistic solutions delivered by innovative, curious professionals who bring technical depth and industry insight to our clients.
Cyber Risk Infrastructure Security – Senior Associate * *POSITION SUMMARY:
As companies become increasingly dependent on information technology (IT) to conduct daily business activities, they need to secure and control their technology infrastructure. Grant Thornton's Cyber Risk practice addresses these security and control issues. Within the Cyber Risk practice, our Infrastructure Security discipline offers an opportunity for you to leverage your security assessment and operational knowledge and experience to broaden your business and project management skills in a rewarding and challenging environment. The Infrastructure Security - Senior Associate is responsible for delivering a full range of services to clients and all phases of project and engagement management for multiple clients. Responsibilities include engagement planning, directing, and completion of IT security assessments and design/implementation of security architectures; developing and supervising other Grant Thornton engagement staff; and assisting in assigned client management and practice development activities.
ESSENTIAL DUTIES AND RESPONSIBILITIES: * Adhere to the highest degree of professional standards and strict client confidentiality. * Execution of assigned client engagements from start to finish, which includes the engagement planning, directing, and completion of IT security assessments, information systems audits, and Information Security architectural design and deployments while managing those engagements to budget. * Apply current knowledge of IT and cyber trends and to identify security and risk management issues and other opportunities for improvement. * Perform vulnerability assessments, penetration tests, wireless security assessments, web application security assessments, and social engineering activities. * Assist clients in planning and executing remediation plans identified in assessment activities. * Work with the client to plan an engagement strategy, define objectives, and address technology- related controls risks and issues. * Proactively interact with key client management to gather information, resolve problems and make recommendations for improvements. * Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment. * Additional duties as assigned.
· Bachelor's degree in Cybersecurity, Information Technology, Computer Science or a related field is required.
· Two to six years of related work experience in a similar consulting practice or function, servicing cross- industry clients at a national level.
· Experience with the secure configuration of various infrastructure platforms and devices such as Microsoft Windows, Unix / Linux, and common network devices (routers, switches, firewalls)
· Hands-on working experience with commercial and open-source network and application security testing tools, such as Kali Linux, Nessus, Metasploit, Kismet, and Wireshark, and various other tools is expected.
· One or more of the following industry certifications is required: CISSP, SANS GIAC, CISM.
· Experience testing web applications for common security vulnerabilities as defined by OWASP, including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues is a plus.
· Understanding of TCP/IP protocol suite.
· Experience with Security Operations Center process development, operationalization and optimization strategies.
· Experience in designing and implementation asset management, vulnerability management, and threat management solutions.
· Understanding of Cloud Architectures and Cloud Security deployment models and strategies.
· Experience assessing, designing and implementing network security for enterprise customers including SIEM platforms, IDS/IPS, endpoint security platforms, IAM suites, encryption and key management and other network and/or agent-based security infrastructure.
· Experience in project management and the ability to clearly communicate security technology issues verbally on both a formal and informal basis to all levels of client staff.
· Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
· Ability to work additional hours as needed and travel on a regular basis to clients as required. Travel for this position can go as high as 60%.**
BENEFITS: Grant Thornton LLP promotes a nationally recognized culture of health and offers an extensive array of benefits to meet individual lifestyles. For a complete list of benefits please visit http://www.gt.com/.
Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton has revenue in excess of $1.56 billion and operates 58 offices across the United States with more than 565 partners and 8,000 employees
Grant Thornton works with a broad range of publicly and privately held companies, government agencies, financial institutions, and civic and religious organizations. Core industries served include consumer and industrial products, financial services, not-for-profit, private equity, and technology. Grant Thornton focuses on serving dynamic organizations that pursue growth holistically — whether through revenue improvement, leadership, mission fulfillment or innovation.
It is Grant Thornton’s policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law.
Title: Cyber Risk Infrastructure Senior Associate
Location: New York-New York
Requisition ID: 036197