IT Risk Cyber Internal Audit Experienced Associate

As a member of Grant Thornton’s Cybersecurity Internal Audit (IA Cybersecurity) team, you will have the opportunity to collaborate with our clients and deliver consulting and advisory services across a broad spectrum of areas related to cyber risk. You will support clients in evaluating and enhancing their Cybersecurity risk posture through internal audits, control testing, and maturity assessments. You’ll work closely with cross-functional teams to assess risks, test controls, and provide actionable insights aligned with industry standards and regulatory frameworks.

As an IA Cybersecurity Risk Associate, you will get the opportunity to contribute to our clients' business needs and grow within our practice by applying a collection of Cybersecurity capabilities, including governance, risk assessments, control testing, and technology operations for the Cybersecurity practice, all with the resources, environment, and support to help you excel.

From day one, you’ll be empowered by the greater Risk Advisory team to help clients make the moves that will help them achieve their vision and help you grow your Cybersecurity knowledge.  

Your Day-To-Day May Include:

• Assist in planning and executing Cybersecurity internal audits, risk assessments, and control testing engagements.
• Assist with performing Cybersecurity control testing and Cybersecurity program capability assessments.
• Conduct Cybersecurity maturity assessments using frameworks such as NIST CSF, CSA CCM, ISO/IEC 27001, COBIT, and HITRUST.
• Support assessments for regulatory compliance including HIPAA, FedRAMP, GLBA, and state-led data breach notification laws.
• Document audit findings, develop risk-based recommendations, and contribute to client deliverables.
• Assist organizations with identifying recommendations and developing roadmaps to mitigate cyber risks and enhance overall Cybersecurity posture.
• Collaborate with senior team members to identify emerging risks and recommend mitigation strategies.
• Participate in walkthroughs, and workshops with client stakeholders to understand information security/ cybersecurity processes and technology environments.
• Stay current on Cybersecurity trends, threat landscapes, and regulatory developments. This includes technical familiarity with common Cybersecurity tools, cloud environment/architecture, and threat vectors.
• Assist with executing remediation plans resulting from assessment activities.
• Support client engagements from start to finish, which includes planning, fieldwork, and reporting.
• Participate in professional development activities and training sessions on regular basis.
• Adhere to the highest degree of professional standards and strict client confidentiality.
• Other job duties as assigned.

You have the following technical skills and qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field is required.
• 2+ years of experience in Cybersecurity, internal audit, or IT risk.
• Familiarity with Cybersecurity frameworks and standards including (but not limited to):
• Foundational understanding of IT, Cybersecurity, cloud security, data protection, vulnerability management, and incident response.
• Strong understanding of the cloud shared responsibility model and how that may impact clients’ 
• Ability to communicate clearly and effectively (oral and written) with all internal and external stakeholders.
• Exceptional client service, communication, analytical, and organizational skills.
• Strong project management skills and the ability to execute multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
• Ability to travel to client locations (as needed).
• NIST CSF, NIST 800-53, NIST 800-171
• CSA CCM
• ISO/IEC 27001, ISO/IEC 27002
• HIPAA, FedRAMP, GLBA, CCM
• COBIT, HITRUST, PCI DSS

The base salary range for this position is the firm's New York City, NY office only is between $73,400 to $110,200. 

At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. It’s what makes us different, and we think being different makes us better. 

In the U.S., Grant Thornton delivers professional services through two specialized entities: Grant Thornton LLP, a licensed, certified public accounting (CPA) firm that provides audit and assurance services ― and Grant Thornton Advisors LLC (not a licensed CPA firm), which exclusively provides non-attest offerings, including tax and advisory services.

In 2025, Grant Thornton formed a multinational, multidisciplinary platform with Grant Thornton Ireland. The platform offers a premier Trans-Atlantic advisory and tax practice, as well as independent American and Irish audit practices. With $2.7 billion in revenues and more than 50 offices spanning the U.S., Ireland and other territories, the platform delivers a singular client experience that includes enhanced solutions and capabilities, backed by powerful technologies and a roster of 12,000 quality-driven professionals enjoying exceptional career-growth opportunities and a distinctive cross-border culture.

Grant Thornton is part of the Grant Thornton International Limited network, which provides access to its member firms in more than 150 global markets.