Grant Thornton

Director of Global Cyber Risk Operations

Melville, New York, US | Full-time | 5 days ago | via KSNT Jobs

Salary: -
Job type: Full-time
Location: Melville, New York, US
Remote: No
Posted: 5 days ago

Job description

Grant Thornton is actively seeking a visionary Director of Global Cyber Risk Operations to spearhead the creation and management of a comprehensive Cyber Risk Operations Center (ROC). This pivotal role will focus on the continual identification, assessment, prioritization, and management of technology and infrastructure risks across the entire organization.

The ideal candidate should possess extensive technical expertise and sound risk judgment, along with the capability to operationalize cyber risk at scale—translating technical vulnerabilities into actionable, business-oriented risk insights. This leader will collaborate closely with teams in infrastructure, cloud, engineering, identity and access management (IAM), compliance, and third-party stakeholders worldwide.

Key Responsibilities

Cyber Risk Operations & Strategy

  • Develop and establish a global Cyber Risk Operations Center (ROC), creating the operating model, workflows, integration of tools, metrics, and governance.
  • Create and implement a consistent framework for identifying, prioritizing, tracking, and addressing cyber and infrastructure risks.
  • Cooperate with security architecture, infrastructure, cloud, and application teams to embed risk management into daily operations.

Technology & Infrastructure Risk Management

  • Manage enterprise technology risk visibility across on-premises, cloud, hybrid, and SaaS environments.
  • Lead risk assessment and exception management processes, including risk acceptance and reporting to executives.
  • Drive secure configuration assessments and risk management aligned with industry standards such as CIS and NIST.

Cloud Exposure & Attack Surface Management

  • Oversee cloud security posture, exposure management, and attack path analysis across Azure and multi-cloud environments.
  • Utilize tools such as Wiz, Azure Security Center / Defender to identify misconfigurations and high-risk attack paths.
  • Collaborate with cloud engineering teams to prioritize remediation based on risk and business impact.

Vulnerability & Endpoint Risk

  • Lead vulnerability management and endpoint exposure programs with tools such as Qualys and CrowdStrike.
  • Ensure risk-based prioritization of vulnerabilities considering exploitability, asset criticality, and exposure.

Identity & Access Risk

  • Manage identity-related risk, including privileged access and conditional access, utilizing Microsoft Entra ID.
  • Work closely with IAM teams to reduce identity-driven attack paths and enforce least privilege practices.

Third-Party Risk Management

  • Oversee cyber risk related to third parties and supply chains, including technology assessments and ongoing monitoring.
  • Integrate third-party risk insights into enterprise risk reporting and strategic decision-making.

Leadership & Stakeholder Engagement

  • Build and lead a high-performing, globally distributed team of cyber risk professionals.
  • Communicate complex technical risk issues clearly to executives, auditors, and non-technical stakeholders.
  • Provide regular updates on risk posture to senior leadership, identifying trends and material risks.

Required Qualifications

  • 12+ years of experience in cybersecurity or technology risk, with at least 5 years in senior leadership roles.
  • In-depth technical knowledge of enterprise infrastructure, cloud platforms (particularly Azure), and security architecture.
  • Hands-on experience with tools such as Qualys, CrowdStrike, Wiz, and Azure Security Center.
  • Demonstrated ability to design or scale cyber risk and vulnerability management programs.
  • Strong understanding of cyber risk frameworks, including NIST CSF and ISO 27001.
  • Proven capability to translate technical findings into business-relevant risk decisions.

Preferred Qualifications

  • Experience in establishing centralized risk operations or exposure management functions.
  • Background in highly regulated or multinational enterprise settings.
  • Familiarity with SOC 2, cloud compliance, and audit-related risk management.
  • Relevant certifications (CISSP, CISM, CCSP, CRISC, or similar).

The base salary for this role ranges from $187,500 to $312,500 per year in select offices, with higher compensation for locations like San Francisco. The specific salary range for your location can be provided during the interview process.

At Grant Thornton, we prioritize making business personal, offering a supportive environment where your career can thrive. We focus on delivering exceptional opportunities, flexibility, and well-being, recognizing that diverse experiences contribute to our strength. Join us to explore how we can help you grow in your career!

