Business Risk Services - Attest Services Sr. Associate

Grant Thornton LLP Arlington, VA 22201

Posted 2 months ago

Grant Thornton is collaborative, entrepreneurial and on the move. As part of a dynamic global organization of 47,000 people serving clients in more than 140 countries, we have the agility and focus it takes to be a leader.

Business Risk Services Attest Services Senior Associate


Grant Thornton's Advisory professionals are progressive thinkers who create, protect, and transform value today so that our clients have the opportunity to thrive and grow. Grant Thornton's Advisory practice creates holistic solutions delivered by innovative, curious professionals who bring technical depth and industry insight to our clients. The Business Risk Services (BRS) practice includes Risk Advisory Services, Attest Services, Forensic Advisory Services, and Data Analytics and protects value for our clients.

Attest Services Senior Associates are responsible for delivering a full range of IT audit and attest services to our clients, as well as all phases of assigned projects and engagement management for multiple clients. The successful candidate will have overall responsibility for planning, direction, and completion of information systems audits and examination engagements. This includes the development and supervision of assigned staff members and assisting in client management and related practice development activities.

Essential Duties and Responsibilities:

  • Work with organizations to identify and manage business process and IT risks within their strategy execution model.

  • Assist clients in applying key frameworks including SOC 2, HITRUST, HIPAA, and NIST.

  • Execute assigned client engagements (SSAE examinations and IT audits) from start to completion, which includes the overall planning, execution, direction, and completion of engagements and managing the engagements to budget.

  • Manage the day-to-day aspects of engagements, including managing multiple work streams simultaneously and re-prioritizing tasks when unanticipated issues arise.

  • Supervise, train, and mentor assigned staff members and assess the performance of the staff members for their engagement reviews.

  • Evaluate and test client-related business process and IT controls and identify areas of risk for each.

  • Apply current knowledge of IT trends and systems processes to identify security and risk management issues, as well as other opportunities for overall process improvement.

  • Work with assigned team members and client personnel to plan engagement strategy, define objectives, and address technology-related controls risks and issues.

  • Maintain professionalism and rapport with the client. Proactively interact with key client management to manage expectations, help ensure client satisfaction, meet client deadlines, and resolve any problems.

  • Proactively interact with key client management to gather information, resolve problems, and make recommendations for business and process improvements.

  • Assist Grant Thornton Partners and senior management on applicable proposals and business development calls.

  • Maintain certification (CPA, CISA, CISSP, or CISM) and compliance with firm CPE requirements.

  • Other duties as assigned.

  • A Bachelor's degree in an Accounting or Information Technology-related field is required.

  • Dual experience in Accounting and Information Technology and Master's degrees are preferred.

  • Two to six (2-6) years of related work experience in IT audit within a similar consulting practice, a Big 4 firm, or a large CPA firm servicing cross-industry clients at a national level is required.

  • Information Security experience or information security training is required.

  • Other areas of expertise needed should include some of the following: access control software, security architecture and administration, Internet use/firewalls, network security awareness and enforcement, security policies and standards, operating systems (Windows, UNIX, AS400, Mainframe), and databases.

  • Ability to supervise staff members and lead multiple projects simultaneously is expected.

  • Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships, are expected.

  • Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment is required.

  • Ability to document testing in a highly detailed and exacting manner is expected.

  • Strong leadership, training, and mentoring skills, coupled with excellent verbal, written, and presentation skills are required.

  • Excellent analytical, organizational, and project management skills are required.

  • Excellent computer software skills, including proficiency in Microsoft Office Suite applications, are expected.

  • CPA, CISA, CISSP, or CISM license/certification.

  • Ability to work additional hours as needed and travel on a regular basis to clients is expected.

Additional Information:

  • Travel in this position can go as high as 60%.


Grant Thornton LLP promotes a nationally recognized culture of health and offers an extensive array of benefits to meet individual lifestyles. For a complete list of benefits please visit

Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world's leading organizations of independent audit, tax and advisory firms. Grant Thornton has revenue in excess of $1.7 billion and operates 59 offices across the United States with more than 590 partners and 8,500 employees in the United States and at our Shared Services Center in Bangalore, India.

Grant Thornton works with a broad range of publicly and privately held companies, government agencies, financial institutions, and civic and religious organizations. Core industries served include consumer and industrial products, financial services, not-for-profit, private equity, and technology. Grant Thornton focuses on serving dynamic organizations that pursue growth holistically whether through revenue improvement, leadership, mission fulfillment or innovation.

It is Grant Thornton's policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law.


Similar Jobs

Cyber Risk Managed Threat Services Siem Engineer L3

Deloitte & Touche L.L.P.

Posted 1 week ago

Are you interested in improving the cyber risk protection of leading companies? If your response is yes, consider joining Deloitte & Touche LLP's growing Cyber Risk Vigilant Fusion Center. Our Fusion Center analysts and engineers assist our clients with identifying unauthorized activities and intrusions in their networks in real time.

Work you'll do:

The Managed Threat Services Engineer position supports the Security Operations Center (SOC) as an advanced escalation point identifying and addressing potential information security incidents. This role is also responsible for supporting architecture changes, tool deployments and advanced content development:

  • Onboard advanced data sources, create new custom parsers and SIEM architecture assessment and design reviews.

  • Help define, implement and monitor key risk indicators and key performance indicators (KRIs/KPIs).

  • Keep abreast of latest IT security, regulatory and compliance trends to support, compare and contrast analysis across various risk models. Understand how to take this knowledge and apply it to the SOC.

  • Deliver advisory support and education relating to the SIEM to other technology personnel and to technology management.

  • Assist in Use Case Roadmap development for client and updating Use Cases into UC Repository.

  • Advanced Use Case development (Use Case from Roadmap as well as hunting related UCs).

  • Help structure our content development pipelines across clients based on the maturity of the client environments as well as the latest trends in security.

  • Review and critique system security plans, network diagrams, and other security documentation as part of vulnerability engagements.

  • Develop scripts to simplify data collection and other laborious tasks that are necessary to occur throughout onboarding of log sources.

  • Quality review for HLUC, TUC, UC Testing, Parser, Runbooks and other Technical documents.

  • Submitting documentation through the QRM process.

  • 24/7 on-call support (as needed).

  • Be the central POC for all escalations.

  • Managing and providing knowledge transfer to Junior Cyber Security Engineers.

  • Coordinate with various technical groups and attend in-person client meetings.

  • Build relationship with client counterpart (i.e. Lead Security Engineer on Client side).

  • Participation in rotation with the Analysts and SOC Operations Lead as part of training.

  • Travel requirement: Less than 10%.

  • Location requirement: Work can be done remotely from any location in the US.

The team:

Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory's Cyber Risk Services practice.

Qualifications

Required:

  • In-depth experience with the following technologies: leading SIEM technologies such as ArcSight, QRadar, Nitro, NetWitness, LogRhythm or Splunk, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP), DAM (Database activity monitoring), User and Network Behavior Analytics, End Point Solutions, and third-party monitoring tools such as Nagios, WhatsUp Gold or SolarWinds.

  • Five plus years of information security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, log analysis, intrusion detection.

  • Must have been in a Level 2 Engineer role for at least two years.

  • Understanding of Python or other scripting languages, TCP/IP stack, and UNIX/Linux environment.

  • CISSP.

  • Strong fundamental knowledge and understanding of current security vulnerabilities, attack vectors, industry technologies, trends, and techniques.

  • Familiarity with tools such as: IDS/IPS, DLP, Proxy, WAF, EDR, AV, MVM, Sandboxing, FWs, Threat Intel, Pen Testing, APT.

  • Experience with Intrusion Detection Systems, Firewalls, Proxy Servers, Antivirus, NAC, or other network security infrastructure.

  • Ability to analyze complex issues for impact and alternative solutions, making logical decisions based on client objectives.

  • In-depth hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration, Active Directory, Windows Workstation, Routers/Switches management, Firewall Management, SANS/NAS, Web servers, IAM/AAA, IDS/HDS, System vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis or Secure coding.

  • In-depth understanding of possible attack activities such as network probing/scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.

  • Proven SOC process knowledge.

  • Advanced knowledge in system security architecture and security solutions.

Preferred:

  • MS in Computer Science or Information Management desirable or equivalent work experience.

  • Excellent interpersonal and organizational skills.

  • Excellent oral and written communication skills.

  • Self-motivated to improve knowledge and skills.

  • Detail oriented.

  • A strong desire to understand the what as well as the why and the how of security incidents.

  • Works well both in a team environment and independently.

  • A desire to lead a team and assist and mentor others.

As used in this document, "Deloitte" means Deloitte LLP and its subsidiaries. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available.

Requisition code: E19NATEA8SS402MTS

Deloitte & Touche L.L.P. Arlington, VA
