Director, Information Security Audit & Compliance (Global)

Director, Information Security Audit & Compliance (Global) Downers Grove, IL, United States and 43 more About Us At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. It’s what makes us different, and we think being different makes us better. In the U.S., Grant Thornton delivers professional services through two specialized entities: Grant Thornton LLP, a licensed, certified public accounting (CPA) firm that provides audit and assurance services ― and Grant Thornton Advisors LLC (not a licensed CPA firm), which exclusively provides non-attest offerings, including tax and advisory services. In 2025, Grant Thornton formed a multinational, multidisciplinary platform with Grant Thornton Ireland. The platform offers a premier Trans-Atlantic advisory and tax practice, as well as independent American and Irish audit practices. With $2.7 billion in revenues and more than 50 offices spanning the U.S., Ireland and other territories, the platform delivers a singular client experience that includes enhanced solutions and capabilities, backed by powerful technologies and a roster of 12,000 quality-driven professionals enjoying exceptional career‑growth opportunities and a distinctive cross‑border culture. Grant Thornton is part of the Grant Thornton International Limited network, which provides access to its member firms in more than 150 global markets. About the Team The team you’re about to join is ready to help you thrive. Here’s how: Whether it’s your work location, weekly schedule, or flex time off, we empower you with the options to work in the way that best serves your clients and your life. Consistent with the firm’s hybrid work model, this position will require in‑person attendance at least two days per week, either at a GT office or client site. Here, you are supported to prioritize your overall well‑being through work‑life integration options that work best for you and those in your household. We understand that your needs, responsibilities and experiences are different — and we think that’s a good thing. That’s why we support you with personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations that make you, well, you. When it comes to inclusion, we are committed to doing more than checking boxes. Explore all the ways we’re taking action for diversity, equity & inclusion at If you apply and are selected to interview, a Grant Thornton team member will reach out to you to schedule a time to connect. We encourage you to also check out other roles that may be a good fit for you or get to know us a little bit better at Benefits: We understand that your needs, responsibilities and experiences are different, and we think that’s a good thing. For an overview of our benefit offerings, please visit: AdditionalDetails: It is the policy of Grant Thornton to promote equal employment opportunities. All personnel decisions (including, but not limited to, recruiting, hiring, training, working conditions, promotion, transfer, compensation, benefits, evaluations, and termination) are made without regard to race, color, religion, national origin, sex, age, marital or civil union status, pregnancy or pregnancy‑related condition, sexual orientation, gender identity or expression, citizenship status, veteran status, disability, handicap, genetic predisposition or any other characteristic protected by applicable federal, state, or local law. Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of Grant Thornton to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. To make an accommodation request, please contact View email address on click.appcast.io. For Los Angeles Applicants only: We will consider for employment all qualified Applicants, including those with Criminal Histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance. For Massachusetts Applicants only: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Grant Thornton does not require or administer lie detector tests as a condition of employment or continued employment. Job Description Grant Thornton is seeking a Director of Information Security Audit & Compliance to join the team. Approved office locations can be found below. We are seeking a Director of Information Security Audit & Compliance to lead and scale a global audit and compliance practice. This role will be responsible for establishing global delivery centers, managing internal and external audits, and ensuring the information security program is governed through a consistent, defensible framework aligned to NIST CSF and NIST 800‑53. The ideal candidate combines deep audit and regulatory expertise with strong operational leadership, enabling the organization to meet regulatory, client, and certification requirements while supporting business growth and innovation. Key Responsibilities Audit & Compliance Strategy Define and lead the global information security audit and compliance strategy across the enterprise. Establish and scale global delivery centers to support audits, evidence management, and continuous compliance operations. Own the audit calendar and roadmap for ISO, NIST-based, HIPAA, and client‑driven audits. Audit Management & Execution Lead enterprise‑wide audits and assessments including ISO 27001 , NIST , HIPAA , and client‑specific security audits. Act as the primary point of contact for external auditors, regulators, and client assessors. Ensure timely, high‑quality audit deliverables, responses, and remediation plans. Align the information security governance program to NIST Cybersecurity Framework (CSF) and NIST 800‑53 . Develop, maintain, and mature security policies, standards, and control frameworks. Ensure controls are consistently implemented, tested, and evidenced across global teams. Continuous Compliance & Control Assurance Establish processes for continuous control monitoring, internal testing, and readiness assessments. Track audit findings, remediation efforts, and risk acceptances through closure. Partner with technology, security, and business teams to remediate gaps and strengthen control effectiveness. Client & Regulatory Engagement Support client due diligence, RFP security responses, and client‑led audits. Translate technical and control‑based requirements into clear, business‑aligned commitments. Build trust with clients by demonstrating a mature, transparent compliance posture. Leadership & Global Team Development Build, lead, and mentor a globally distributed team of audit and compliance professionals. Define roles, responsibilities, career paths, and training for audit and compliance staff. Foster strong collaboration with security engineering, IT, legal, privacy, and risk teams. Required Qualifications 12+ years of experience in information security, audit, or compliance, with 5+ years in senior leadership roles. Deep hands‑on experience leading ISO 27001, 27701, 27017 , NIST , HIPAA , and client‑driven security audits. Strong expertise in NIST CSF and NIST 800‑53 governance, control design, and assessment. Proven experience building or scaling global audit and compliance delivery models. Strong understanding of information security controls, risk management, and regulatory expectations. Excellent communication skills with the ability to engage executives, auditors, and clients. Preferred Qualifications Experience operating in global, highly regulated environments. Familiarity with SOC 1 / SOC 2, cloud compliance, and third‑party risk assessments. Experience implementing GRC tooling to support audit and compliance workflows. Professional certifications such as CISSP, CISA, CRISC, CISM, ISO 27001 Lead Auditor , or equivalent. The base salary range for this position in the firm’s Chicago, IL, Downers Grove, IL, Cleveland, OH, Minneapolis, MN, Reno, NV, Denver, CO and Baltimore, MD offices only is between $172,000 and $258,000 per year. The base salary range for this position in the firm’s Washington, DC, Boston, MA, Bellevue, WA, Los Angeles, CA, Newport Beach, CA San Diego, CA, Edison, NJ, and New York, NY, and Melville, NY offices only is between $185,760 and $278,640 per year. The base salary range for this position in the firm’s San Francisco, CA and San Jose, CA offices only is between $197,800 and $296,700 per year. Job Info Job Identification 114578 Job Category - Posting Date 03/16/2026, 08:11 PM Degree Level Bachelor's Degree Job Schedule Full time Locations Downers Grove, IL, United States Wichita, KS, United States Tulsa, OK, United States Tampa, FL, United States St Louis, MO, United States Southfield, MI, United States San Jose, CA, United States San Francisco, CA, United States San Diego, CA, United States Salt Lake City, UT, United States Reno, NV, United States Raleigh, NC, United States Portland, OR, United States Pittsburgh, PA, United States Phoenix, AZ, United States Philadelphia, PA, United States Orlando, FL, United States Newport Beach, CA, United States Oklahoma City, OK, United States New York, NY, United States Minneapolis, MN, United States Milwaukee, WI, United States Melville, NY, United States Los Angeles, CA, United States Kansas City, MO, United States Jacksonville, FL, United States Edison, NJ, United States Houston, TX, United States Hartford, CT, United States Fort Lauderdale, FL, United States Denver, CO, United States Dallas, TX, United States Columbia, SC, United States Cleveland, OH, United States Cincinnati, OH, United States Chicago, IL, United States Charlotte, NC, United States Boston, MA, United States Bellevue, WA, United States Baltimore, MD, United States Austin, TX, United States Atlanta, GA, United States Arlington, VA, United States Appleton, WI, United States #J-18808-Ljbffr Grant Thornton International Ltd