Grant Thornton LLP GTI Manager of Cybersecurity Operations Tulsa , Oklahoma Apply Now In our Go Beyond network strategy 2025 our vision is to become 'the most valued network in the profession'. The Manager of Cybersecurity Operations plays a crucial role in managing the proactive, operational and reactive cybersecurity posture for GTIL and member firms globally. Reporting directly to the lead of GTIL's cybersecurity operations and with key relationships to IT Operations and the Managed Security Service Provider (MSSP), this role provides subject matter expertise and orchestration across a wide range of cybersecurity services and solutions. This includes planning, implementation, operations, maintenance and continual improvement of these services and solutions to provide the best insight, protection and value for the organisation. Cybersecurity Operations Manage the various cybersecurity operational and monitoring tools for GTIL (and globally where tools extend across Member Firms). Liaise with the various Business Unit stakeholders, MSSP, and cybersecurity vendors, with regards to planning, provision and maintenance of operational and monitoring tools. Liaising with the GTIL Security Architect and IT Operations to implement responsibility and accountability across Identity Access Management (IAM) services. Respond to, redirect or escalate GTIL and Member Firm queries, in relation to impacting cybersecurity operations and potential threats. Oversee the security training and awareness programmes for GTIL. Hold various privileged functional roles within cybersecurity and IT operational platforms, as defined by team RACI models. Function as cybersecurity proxy on the IT/Shared Services Change Advisory Boards (CAB). Develop and maintain documentation of cybersecurity operations. Cybersecurity Engineering Support Enforce security policies via technical configuration and end user awareness. Assist in successfully planning, testing, validating, and documenting secure configurations across multiple core platforms. Manage the identification, classification, labelling and protection of data across various productivity platforms. Actively participate in industry-specific threat intelligence sharing groups and forums to contribute insights and gain valuable knowledge on emerging threats. Design and implement advanced threat intelligence capabilities, including the development of automated processes for data collection, analysis, and dissemination. Assist in improving implementation of automated incident response via SOAR and workflows. Risk Engagement – Advisory and Reporting Evaluate and advise on existing systems design and operational functions relative to security best practices and compliance requirements. Evaluate the security impact of changes to information systems and provide commensurate risk advice. Engage in complex technical discussions with other technical teams; Provide clear guidance on the security requirements of those issues or projects. Independently research and analyse emerging cyber threats, vulnerabilities, tactics, techniques, and procedures (TTPs) Assist in the design and management of appropriate risk management processes to collect, analyse and report on industry wide, imminent and emerging cybersecurity risks to GTIL and member firms. Liaise with key IT, Business Unit stakeholders and vendors to conduct technical probing and analysis of GTIL's information security architecture and defensive controls. Assist in testing methods to identify ways that attackers could exploit weaknesses in security systems. Assist in the development and maintenance of documentation on vulnerability assessments, threat modelling and risk remediation processes. Determine the need to escalate a security incident to Cyber Operations management. Assist in root cause analysis, evaluate capability maturity and optimise future security incident handling through process improvements. Assist in development and maintenance of documentation on cyber security incident playbook and runbooks, process workflow, incident handling and response capabilities. ~ Supporting the Associate Director and other Cybersecurity leadership in meeting and delivering department and strategic objectives. At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. The team you're about to join is ready to help you thrive. Here, you are supported to prioritize your overall well-being through work-life integration options that work best for you and those in your household. • When it comes to inclusion, we are committed to doing more than checking boxes. Explore all the ways we're taking action for diversity, equity & inclusion at Benefits for internship positions: Grant Thornton interns are eligible to participate in the firm's medical, dental and vision insurance programs and the firm's employee assistance program. Interns also receive a minimum of 72 hours of paid sick leave, and are paid for firm holidays that fall within their internship period. Benefits for seasonal employee positions: Grant Thornton seasonal employees are eligible to participate in the firm's medical, dental and vision insurance programs and the firm's employee assistance program. Seasonal employees may also be eligible to participate in the firm's 401(k) savings plan and employee retirement plan in accordance with applicable plan terms and eligibility requirements. Seasonal employees receive a minimum of 72 hours of paid sick leave. Grant Thornton employees may be eligible for a discretionary, annual bonus based on individual and firm performance, subject to the terms, conditions and eligibility criteria of the applicable bonus plan or program. Interns and seasonal employees are not eligible for bonus compensation. It is the policy of Grant Thornton to promote equal employment opportunities. All personnel decisions (including, but not limited to, recruiting, hiring, training, working conditions, promotion, transfer, compensation, benefits, evaluations, and termination) are made without regard to race, color, religion, national origin, sex, age, marital or civil union status, pregnancy or pregnancy-related condition, sexual orientation, gender identity or expression, citizenship status, veteran status, disability, handicap, genetic predisposition or any other characteristic protected by applicable federal, state, or local law. Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of Grant Thornton to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. We will consider for employment all qualified Applicants, including those with Criminal Histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. #