Director, Information Security Audit & Compliance (Global)

About The Position

Requirements

• 12+ years of experience in information security, audit, or compliance, with 5+ years in senior leadership roles.
• Deep hands-on experience leading ISO 27001, 27701, 27017, NIST, HIPAA, and client-driven security audits.
• Strong expertise in NIST CSF and NIST 800-53 governance, control design, and assessment.
• Proven experience building or scaling global audit and compliance delivery models.
• Strong understanding of information security controls, risk management, and regulatory expectations.
• Excellent communication skills with the ability to engage executives, auditors, and clients.

Nice To Haves

• Experience operating in global, highly regulated environments.
• Familiarity with SOC 1 / SOC 2, cloud compliance, and third-party risk assessments.
• Experience implementing GRC tooling to support audit and compliance workflows.
• Professional certifications such as CISSP, CISA, CRISC, CISM, ISO 27001 Lead Auditor, or equivalent.

Responsibilities

• Define and lead the global information security audit and compliance strategy across the enterprise.
• Establish and scale global delivery centers to support audits, evidence management, and continuous compliance operations.
• Own the audit calendar and roadmap for ISO, NIST-based, HIPAA, and client-driven audits.
• Lead enterprise-wide audits and assessments including ISO 27001, NIST, HIPAA, and client-specific security audits.
• Act as the primary point of contact for external auditors, regulators, and client assessors.
• Ensure timely, high-quality audit deliverables, responses, and remediation plans.
• Align the information security governance program to NIST Cybersecurity Framework (CSF) and NIST 800-53.
• Develop, maintain, and mature security policies, standards, and control frameworks.
• Ensure controls are consistently implemented, tested, and evidenced across global teams.
• Establish processes for continuous control monitoring, internal testing, and readiness assessments.
• Track audit findings, remediation efforts, and risk acceptances through closure.
• Partner with technology, security, and business teams to remediate gaps and strengthen control effectiveness.
• Support client due diligence, RFP security responses, and client-led audits.
• Translate technical and control-based requirements into clear, business-aligned commitments.
• Build trust with clients by demonstrating a mature, transparent compliance posture.
• Build, lead, and mentor a globally distributed team of audit and compliance professionals.
• Define roles, responsibilities, career paths, and training for audit and compliance staff.
• Foster strong collaboration with security engineering, IT, legal, privacy, and risk teams.

Benefits

• Whether it’s your work location, weekly schedule, or flex time off, we empower you with the options to work in the way that best serves your clients and your life. Consistent with the firm’s hybrid work model, this position will require in-person attendance at least two days per week, either at a GT office or client site.
• Here, you are supported to prioritize your overall well-being through work-life integration options that work best for you and those in your household.
• We understand that your needs, responsibilities and experiences are different — and we think that’s a good thing. That’s why we support you with personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations that make you, well, you. See how at www.gt.com/careers
• When it comes to inclusion, we are committed to doing more than checking boxes. Explore all the ways we’re taking action for diversity, equity & inclusion at www.gt.com/careers
• Grant Thornton interns are eligible to participate in the firm’s medical, dental and vision insurance programs and the firm’s employee assistance program. Interns also receive a minimum of 72 hours of paid sick leave and are paid for firm holidays that fall within their internship period.
• Grant Thornton seasonal employees are eligible to participate in the firm’s medical, dental and vision insurance programs and the firm’s employee assistance program. Seasonal employees may also be eligible to participate in the firm’s 401(k) savings plan and employee retirement plan in accordance with applicable plan terms and eligibility requirements. Seasonal employees receive a minimum of 72 hours of paid sick leave.