Director, Information Security Audit & Compliance (Global)
Grant Thornton (US) · Tampa, FL · 2 wk ago
HybridConsulting$172k–$250k/yrFull-time
About the role
Grant Thornton is seeking a Director of Information Security Audit & Compliance to lead and scale a global audit and compliance practice.
Responsibilities
- Define and lead the global information security audit and compliance strategy across the enterprise.
- Establish and scale global delivery centers to support audits, evidence management, and continuous compliance operations.
- Own the audit calendar and roadmap for ISO, NIST-based, HIPAA, and client-driven audits.
- Lead enterprise-wide audits and assessments including ISO 27001, NIST, HIPAA, and client-specific security audits.
- Act as the primary point of contact for external auditors, regulators, and client assessors.
- Ensure timely, high-quality audit deliverables, responses, and remediation plans.
- Align the information security governance program to NIST Cybersecurity Framework (CSF) and NIST 800-53.
- Develop, maintain, and mature security policies, standards, and control frameworks.
- Ensure controls are consistently implemented, tested, and evidenced across global teams.
- Establish processes for continuous control monitoring, internal testing, and readiness assessments.
- Track audit findings, remediation efforts, and risk acceptances through closure.
- Partner with technology, security, and business teams to remediate gaps and strengthen control effectiveness.
- Support client due diligence, RFP security responses, and client-led audits.
- Translate technical and control-based requirements into clear, business-aligned commitments.
- Build trust with clients by demonstrating a mature, transparent compliance posture.
- Build, lead, and mentor a globally distributed team of audit and compliance professionals.
- Define roles, responsibilities, career paths, and training for audit and compliance staff.
- Foster strong collaboration with security engineering, IT, legal, privacy, and risk teams.
Qualifications
- 12+ years of experience in information security, audit, or compliance, with 5+ years in senior leadership roles.
- Deep hands-on experience leading ISO 27001, 27701, 27017, NIST, HIPAA, and client-driven security audits.
- Strong expertise in NIST CSF and NIST 800-53 governance, control design, and assessment.
- Proven experience building or scaling global audit and compliance delivery models.
- Strong understanding of information security controls, risk management, and regulatory expectations.
- Excellent communication skills with the ability to engage executives, auditors, and clients.
Preferred Qualifications
- Experience operating in global, highly regulated environments.
- Familiarity with SOC 1 / SOC 2, cloud compliance, and third-party risk assessments.
- Experience implementing GRC tooling to support audit and compliance workflows.
- Professional certifications such as CISSP, CISA, CRISC, CISM, ISO 27001 Lead Auditor, or equivalent.
Pay
The base salary range for this position is between $172,000 and $250,000. Placement within the pay range is at Grant Thornton’s discretion, and it is based on multiple factors, including but not limited to, job-related knowledge/skills, experience, business needs, progression within the role, geographic location, and internal equity.
Schedule
This position requires in-person attendance at least three days per week, either at a GT office or client site.