Jobs · Consulting · Kansas

Director, Information Security Audit & Compliance (Global)

Grant Thornton (US) · Wichita, KS · 2 wk ago
HybridConsulting$172k–$250k/yrFull-time

About the role

Grant Thornton is seeking a Director of Information Security Audit & Compliance to lead and scale a global audit and compliance practice.

Responsibilities

  • Define and lead the global information security audit and compliance strategy across the enterprise.

  • Establish and scale global delivery centers to support audits, evidence management, and continuous compliance operations.

  • Own the audit calendar and roadmap for ISO, NIST-based, HIPAA, and client-driven audits.

  • Lead enterprise-wide audits and assessments including ISO 27001, NIST, HIPAA, and client-specific security audits.

  • Act as the primary point of contact for external auditors, regulators, and client assessors.

  • Ensure timely, high-quality audit deliverables, responses, and remediation plans.

  • Align the information security governance program to NIST Cybersecurity Framework (CSF) and NIST 800-53.

  • Develop, maintain, and mature security policies, standards, and control frameworks.

  • Ensure controls are consistently implemented, tested, and evidenced across global teams.

  • Establish processes for continuous control monitoring, internal testing, and readiness assessments.

  • Track audit findings, remediation efforts, and risk acceptances through closure.

  • Partner with technology, security, and business teams to remediate gaps and strengthen control effectiveness.

  • Support client due diligence, RFP security responses, and client-led audits.

  • Translate technical and control-based requirements into clear, business-aligned commitments.

  • Build trust with clients by demonstrating a mature, transparent compliance posture.

  • Build, lead, and mentor a globally distributed team of audit and compliance professionals.

  • Define roles, responsibilities, career paths, and training for audit and compliance staff.

  • Foster strong collaboration with security engineering, IT, legal, privacy, and risk teams.

Qualifications

  • 12+ years of experience in information security, audit, or compliance, with 5+ years in senior leadership roles.

  • Deep hands-on experience leading ISO 27001, 27701, 27017, NIST, HIPAA, and client-driven security audits.

  • Strong expertise in NIST CSF and NIST 800-53 governance, control design, and assessment.

  • Proven experience building or scaling global audit and compliance delivery models.

  • Strong understanding of information security controls, risk management, and regulatory expectations.

  • Excellent communication skills with the ability to engage executives, auditors, and clients.

Preferred Qualifications

  • Experience operating in global, highly regulated environments.

  • Familiarity with SOC 1 / SOC 2, cloud compliance, and third-party risk assessments.

  • Experience implementing GRC tooling to support audit and compliance workflows.

  • Professional certifications such as CISSP, CISA, CRISC, CISM, ISO 27001 Lead Auditor, or equivalent.

Similar jobs