Sign upLog in

Director, Information Security Audit & Compliance (Global)

Grant Thornton LLP

New York, NY

Apply
JOB DETAILS
SALARY
$172,000–$250,000 Per Year
SKILLS
Auditing, Business Growth, Business Support, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Security, Customer Support/Service, Due Diligence, External Audit, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Leadership, Legal, Machine Tool, Mentoring, Process Development, Regulations, Request for Proposals (RFP), Risk, Risk Analysis, Risk Management, Security Auditing, Team Building, Testing, Time Management, U.S. National Institute of Standards and Technology (NIST)
LOCATION
New York, NY
POSTED
Today

Director Of Information Security Audit & Compliance

Grant Thornton is seeking a Director of Information Security Audit & Compliance to join the team. Approved office locations can be found below.

We are seeking a Director of Information Security Audit & Compliance to lead and scale a global audit and compliance practice. This role will be responsible for establishing global delivery centers, managing internal and external audits, and ensuring the information security program is governed through a consistent, defensible framework aligned to NIST CSF and NIST 800-53.

The ideal candidate combines deep audit and regulatory expertise with strong operational leadership, enabling the organization to meet regulatory, client, and certification requirements while supporting business growth and innovation.

Key Responsibilities

Audit & Compliance Strategy

  • Define and lead the global information security audit and compliance strategy across the enterprise.
  • Establish and scale global delivery centers to support audits, evidence management, and continuous compliance operations.
  • Own the audit calendar and roadmap for ISO, NIST-based, HIPAA, and client-driven audits.

Audit Management & Execution

  • Lead enterprise-wide audits and assessments including ISO 27001, NIST, HIPAA, and client-specific security audits.
  • Act as the primary point of contact for external auditors, regulators, and client assessors.
  • Ensure timely, high-quality audit deliverables, responses, and remediation plans.

Governance, Risk & Control Framework

  • Align the information security governance program to NIST Cybersecurity Framework (CSF) and NIST 800-53.
  • Develop, maintain, and mature security policies, standards, and control frameworks.
  • Ensure controls are consistently implemented, tested, and evidenced across global teams.

Continuous Compliance & Control Assurance

  • Establish processes for continuous control monitoring, internal testing, and readiness assessments.
  • Track audit findings, remediation efforts, and risk acceptances through closure.
  • Partner with technology, security, and business teams to remediate gaps and strengthen control effectiveness.

Client & Regulatory Engagement

  • Support client due diligence, RFP security responses, and client-led audits.
  • Translate technical and control-based requirements into clear, business-aligned commitments.
  • Build trust with clients by demonstrating a mature, transparent compliance posture.

Leadership & Global Team Development

  • Build, lead, and mentor a globally distributed team of audit and compliance professionals.
  • Define roles, responsibilities, career paths, and training for audit and compliance staff.
  • Foster strong collaboration with security engineering, IT, legal, privacy, and risk teams.

Required Qualifications

  • 12+ years of experience in information security, audit, or compliance, with 5+ years in senior leadership roles.
  • Deep hands-on experience leading ISO 27001, 27701, 27017, NIST, HIPAA, and client-driven security audits.
  • Strong expertise in NIST CSF and NIST 800-53 governance, control design, and assessment.
  • Proven experience building or scaling global audit and compliance delivery models.
  • Strong understanding of information security controls, risk management, and regulatory expectations.
  • Excellent communication skills with the ability to engage executives, auditors, and clients.

Preferred Qualifications

  • Experience operating in global, highly regulated environments.
  • Familiarity with SOC 1 / SOC 2, cloud compliance, and third-party risk assessments.
  • Experience implementing GRC tooling to support audit and compliance workflows.
  • Professional certifications such as CISSP, CISA, CRISC, CISM, ISO 27001 Lead Auditor, or equivalent.

The base salary range for this position is between $172,000 and $250,000. Placement within the pay range is at Grant Thornton's discretion, and it is based on multiple factors, including but not limited to, job-related knowledge/skills, experience, business needs, progression within the role, geographic location, and internal equity. At Grant Thornton, compensation decisions are dependent upon the facts and circumstances of each position and candidate.

About the Company

G

Grant Thornton LLP

At Grant Thornton, our people are talented, intellectually curious and driven to make a difference. People who come to work here are empowered to contribute from their very first client engagement. They develop their skills working alongside our partners and through our formal leadership and technical training programs. In short, it is our ambition to build better business professionals faster than our competitors. If you dream of working with innovative colleagues who support and inspire you, Grant Thornton is the place for you. Visit www.GrantThornton.jobs today.
COMPANY SIZE
5,000 to 9,999 employees
INDUSTRY
Accounting and Auditing Services
FOUNDED
1924