Develop and maintain the firm's Information Security strategy, aligned to the IT strategy, CDO priorities and the firm's broader digital transformation programme.
Own and operate the Information Security Management System (ISMS), ensuring compliance with ISO 27001 and other applicable standards.
Provide senior input to the risk committees on AI and information security, and represent security at the AI Governance Board.
Maintain and report on a cyber risk register, providing regular risk posture updates to the CIO, CDO and relevant governance forums.
AI and Digital Transformation Security
Lead security governance for the firm's generative AI programme.
Assess and govern emerging risks from AI-generated outputs, including artefact hosting, client-facing microsites, and third-party MCP integrations.
Risk, Compliance and Regulatory Obligations
Ensure the firm's security posture meets obligations to professional standards bodies (ICAEW, FRC), client contractual requirements, and applicable regulation.
Lead incident response governance, including classification, escalation, investigation and lessons-learned processes for cyber and information security incidents.
Oversee third-party and supplier security risk management, including due diligence on SaaS platforms (ESM, GRC, LMS, HR systems) and cloud infrastructure providers.
Support or lead engagement with cyber insurers, clients, external auditors and any regulatory enquiries related to information security.
Security Culture and Awareness
Drive a security-aware culture across the firm, developing and maintaining the training and awareness programme so it is engaging, practical and proportionate.
Champion a 'secure by design' mindset across IT, the digital team and the wider business, particularly as new products and platforms are introduced.
Leadership and Stakeholder Engagement
Lead, manage and develop the security function, including GRC, security engineering and awareness roles.
Act as the primary escalation point and senior authority for all security matters, providing clear and credible advice to the CIO, CDO and firm leadership.
Represent Grant Thornton UK in external forums, industry bodies and client conversations where security governance or assurance is relevant.
Build influence and effective working relationships with the CISO co
Additional Information
Alternatively, Grant Thornton
At Grant Thornton we do things differently - looking to the future, driving ambitious growth and pioneering positive change in our industry. Providing audit, tax and advisory services, we empower clients through strategic insight, curiosity, and genuine partnership. And we empower our people with real opportunity, an inclusive culture and work life balance. A true alternative.
With over 5,000 people in the UK, and a presence in 150 global markets, we're on an ambitious journey, from great to exceptional, and we need the best people to help us achieve our potential. And with that comes the opportunity to help redefine what our industry looks like, and what you want from your career.
Job Description:
Chief Information Security Officer (CISO)
Location - London
NEW GROUND WON'T BREAK ITSELF.
Grant Thornton UK is a leading professional services firm providing audit, tax and advisory services. The firm is undergoing a significant technology-led transformation, including the enterprise deployment of generative AI, a product-centric IT operating model, and the modernisation of data platforms. This transformation, combined with the firm's obligations to regulators, clients and professional standards bodies, makes security governance and risk management a critical discipline.
A look into the role
The CISO will be the firm's senior IT security authority, reporting directly to the CIO. The role bridges strategic risk ownership and hands-on governance, ensuring security is embedded by design into platforms, products and processes. This is not a purely advisory role; the CISO will own the security framework, lead a team, and be a visible and influential voice at senior leadership level.