IT Risk Cyber Internal Audit Senior Associate

As a member of Grant Thornton’s Cybersecurity Internal Audit (IA Cybersecurity) team, you will have the opportunity to collaborate with our clients and deliver consulting and advisory services across a broad spectrum of areas related to cybersecurity. You will support clients in evaluating and enhancing their Cybersecurity risk posture through internal audits, control testing, and maturity assessments. You’ll work closely with cross-functional across risk and compliance teams to assess risks, test controls, and provide actionable insights aligned with industry standards and regulatory frameworks.

As an IA Cybersecurity Senior Risk Associate, you will get the opportunity to contribute to our clients' business needs and grow within our practice by applying a collection of Cybersecurity capabilities, including governance, risk assessments, control testing, and technology operations for the Cybersecurity practice, all with the resources, environment, and support to help you excel.

From day one, you’ll be empowered by the greater Risk Advisory team to help clients make the moves that will help them achieve their vision and help you grow your Cybersecurity knowledge. 

Your Day-To-Day May Include:

• Assist in planning and executing Cybersecurity internal audits, risk assessments, and control testing engagements.
• Lead walkthroughs, interviews, and workshops with client stakeholders to understand security processes and technology environments.
• Perform Cybersecurity control testing and Cybersecurity program capability assessments.
• Conduct Cybersecurity maturity assessments using frameworks such as NIST CSF, CSA CCM, ISO/IEC 27001, COBIT, and HITRUST.
• Support assessments for regulatory compliance including HIPAA, FedRAMP, GLBA, GDPR, and state-led data breach notification laws.
• Document audit findings, develop risk-based recommendations, and develop client deliverables.
• Identify emerging risks and recommend mitigation strategies. 
• Develop roadmaps to help clients mitigate Cyber risks and enhance overall Cybersecurity posture.
• Stay current on Cybersecurity trends, threat landscapes, and regulatory developments. This includes technical familiarity with common Cybersecurity tools, cloud environment/architecture, and threat vectors. 
• Provide mentorship and training to junior team members by reviewing their work, offering guidance on risk assessment methodologies, and supporting their professional development to enhance overall team capability.
• Contribute to project management tasks such as scheduling, documentation, and status reporting to ensure smooth execution of projects.
• Support client engagements from start to finish, which includes planning, fieldwork (including control testing), and reporting.
• Participate in professional development activities and training sessions on regular basis.
• Assist with business development initiatives, including proposal preparation, research, and developing client presentations.
• Adhere to the highest degree of professional standards and strict client confidentiality.
• Other job duties as assigned.

You have the following technical skills and qualifications: 

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field is required.
• Master’s degree in Cybersecurity related field preferred (not required)
• 3+ years of experience in Cybersecurity, internal audit, or IT risk.
• CISA, CISSP or similar professional certifications (CISA, and CISSP) preferred.
• Experience as a client serving professional for a consulting firm desired.
• Familiarity with Cybersecurity frameworks and standards including (but not limited to):
• Functional understanding of IT, Cybersecurity, cloud security, data protection, vulnerability management, and incident response.
• Strong understanding of the cloud shared responsibility model and how that may impact clients. 
• Ability to communicate clearly and effectively (oral and written) with all internal and external stakeholders.
• Ability to deliver presentations to clients on Cybersecurity risk assessments, findings, and recommendations
• Strong project management skills and the ability to execute multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
• Ability to travel to client locations (as needed).
• NIST CSF, NIST 800-53, NIST 800-171
• CSA CCM
• ISO/IEC 27001, ISO/IEC 27002
• HIPAA, FedRAMP, GLBA, CCM
• COBIT, HITRUST, PCI DSS

The base salary range for this position is the firm's New York City, NY office only is between $103,700 - $155,500

At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. It’s what makes us different, and we think being different makes us better. 

In the U.S., Grant Thornton delivers professional services through two specialized entities: Grant Thornton LLP, a licensed, certified public accounting (CPA) firm that provides audit and assurance services ― and Grant Thornton Advisors LLC (not a licensed CPA firm), which exclusively provides non-attest offerings, including tax and advisory services.

In 2025, Grant Thornton formed a multinational, multidisciplinary platform with Grant Thornton Ireland. The platform offers a premier Trans-Atlantic advisory and tax practice, as well as independent American and Irish audit practices. With $2.7 billion in revenues and more than 50 offices spanning the U.S., Ireland and other territories, the platform delivers a singular client experience that includes enhanced solutions and capabilities, backed by powerful technologies and a roster of 12,000 quality-driven professionals enjoying exceptional career-growth opportunities and a distinctive cross-border culture.

Grant Thornton is part of the Grant Thornton International Limited network, which provides access to its member firms in more than 150 global markets.