Cybersecurity Operations Engineer (global role in a virtual working

About Grant Thornton Grant Thornton is one of the world’s leading professional services networks with over 68,000 people from member firms in over 140 markets around the world generating global revenues of USD7.2 billion a year.

Member firms offer audit, tax, and advisory services to privately owned companies, publicly listed companies, public sector and not for profit organisations, both domestically and internationally.

Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms.

GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network.

GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UN’s Sustainable Development Goals (SDGs). Role purpose In our Go Beyond network strategy 2025 our vision is to become ‘the most valued network in the profession’. The Cybersecurity Operations Engineer plays a crucial role in managing the proactive, operational and reactive cybersecurity posture for GTIL and member firms globally.

Reporting directly to the Global Cybersecurity Operations Manager and with key relationships to IT Operations and the Managed Security Service Provider (MSSP), this role provides operational expertise and orchestration across a wide range of cybersecurity solutions.

This includes implementation, operations, maintenance and monitoring of key security services to provide the best insight, protection and value for the organisation.

The successful candidate will develop recommended operational tactics and procedures to enable GTIL, and their member firms, to effectively plan and execute cyber operations missions and cyber security cooperation programs.

The candidate will conduct operational and systems engineering analysis of plans, capabilities, architectures, processes, and concepts to inform recommendations for GTIL, as well as member firms.

Main Responsibilities Cybersecurity Operations Liaising with the firm’s MSSP to provide oversight of key monitoring services including but not limited to vulnerability management, EDR, secure email gateway and SIEM services.

Liaise with the various Business Unit stakeholders, MSSP, and cybersecurity vendors, with regards to provision and maintenance of operational and monitoring tools.

Respond to, redirect or escalate GTIL and Member Firm queries, in relation to impacting cybersecurity operations and potential threats, in a manner consistent with an understanding of impact and priority.

Oversee the security training and awareness programmes for GTIL.

Develop and maintain various levels of documentation of cybersecurity operations including but not limited to executive reports, summaries, memos, runbooks, policies, plans, and procedures.

Develop data-driven recommendations to define and guide technical and tactical assessments of information operations, processes, and architectures Development of detailed test plans providing an understanding of information operational challenges and requirements to inform technical objectives.

Conduct technical and operational analysis of alternatives between multiple technical approaches and develop actionable courses of action.

Understand and communicate best practices and recommendations into time-phased implementation plans and roadmaps.

Support the Global Cybersecurity Operations Manager in new projects and other security initiatives as required.

Risk Monitoring Assess the need to investigate potential security incidents and the degree to which the investigation must happen.

Determine the need to escalate a security incident to management.

Act as a technical advisor during a cybersecurity incident response invocation; liaise with other technical responders within GTIL, the Member Firms, forensic experts and associated MSSP’s.

Collaborate with GTIL and Member Firms (business stakeholders and remediation teams), to review and report on remedial actions.

Develop and maintain documentation on cyber security incident playbook and runbooks, process workflow, incident handling and response capabilities.

Location The ideal candidate will be based in the Americas time zone, although we will consider strong candidates from other locations.

Person Specification Equivalent post high school education and/or work-related experience in Computer Science, Information Systems, or other Information Technology related field.

Data-driven, curious, an independent thinker, able to work autonomously, in an accountable, communicative, flexible, and creative fashion.

Experience - essential Demonstrated experience of working in IT Operations, Information Security OR a combination of relevant experience Demonstrated operational expertise: Vulnerability management; Endpoint Detection and Response; Logging and Monitoring (SIEM, User Behaviour Analytics); Windows client, server and hyper-visor operating systems; Cloud architecture (security controls and configurations) Effective communication (verbal and written) and project management skills to work with various levels and divisions within the organization Strong organisational and communication skills Ability to learn and adapt to a constantly changing technology and threat landscape.

This role scope of responsibility will, on occasion, extend to include member firms across the globe, communication and relationship building is a key requirement.

Provides expertise and solutions for complex initiatives and is capable of making independent decisions.

Cultural awareness, the ability to work well with people from different disciplines and backgrounds.

Ability to be agile, respond positively to change and contribute with an innovative and global mindset.

Experience - desirable Security Operations Centre (SOC) experience CompTIA Security+ or CySA+ Microsoft Azure AZ900, AZ500 Incident response experience Benefits There are many benefits of being part of Grant Thornton International, working with a global and diverse team in a virtual setting is just one of them.

We pride ourselves on our inclusive culture and believe it's one of our most valuable assets.

We also recognise the importance of time off at Grant Thornton International.

Taking time away can lead to improved wellbeing and better productivity, which is why we don’t cap your leave.

So if you need to take that extra Friday off (and Monday too), no problem.

We believe work is no longer a location, it is what we do.

This should help all of us deliver our best work, while achieving the right balance in our lives.

We want to build a culture of virtual inclusivity.

One where all our people have the ability to choose what works best for them but also provides our people the best shared working experience utilising the digital tools we have available.

GTIL will provide individuals with the necessary support and equipment to work effectively from home.

We also have a collaborative space to offer should you prefer working outside of your home.

We will offer you access to digital learning options, as well as external training, should you role and development needs require this.

We fully understand the importance of balancing your life and we aim to support that with remote working and flexibility within your role.

We understand the time you spend outside of work helps shape what you bring into work, so we encourage flexibility on both sides.

However, if you prefer to work from the office, this is also something we offer.

We also understand the importance of working comfortably in a remote office - most likely your home, which is why we offer all staff a monthly home office allowance to ensure you're well equipped and able to undertake your role to the fullest.

These are just some of the benefits of working at Grant Thornton International.

We also have a wide range of attractive core benefits including pension, health insurance, wellbeing programmes and much much more.