Technology Risk Assistant Manager

Grant Thornton UK provides audit, tax and advisory services. We empower clients through strategic insight, curiosity and genuine partnership, and we offer an inclusive culture and work-life balance. This role sits in Grant Thornton's Technology Risk Services (TRS) within the Business Risk Services (BRS) department, delivering tailored, flexible and cost-effective technology risk solutions.

NEW GROUND WON’T BREAK ITSELF. Every day our teams help people in businesses and communities to do what is right and achieve their goals.

• Take ownership of allocated assignments.
• Assist with the preparation of draft terms of reference/audit planning documents and provide input into budgets for technology risk internal audit reviews.
• Deliver fieldwork, ensuring all work is performed in accordance with GT methodologies, appropriate testing has been performed, and evidence to support key decisions has been obtained.
• Support in close-out meetings with clients to ensure they have a full understanding of issues identified and these are agreed.
• Document draft and final internal audit reports, providing appropriate recommendations which are tailored to the needs of the intended audience with minimal Manager and Partner input.
• Assist with client proposals, presentations, and other business development opportunities as necessary.

Knowing you’re right for us — minimum criteria: a relevant professional IT audit qualification (typically CISA, CISM, CISP or similar) and experience in tech risk UK internal auditing. The following skills are desirable (not all are required):

• Experience of scoping, delivering, and reporting on technology internal audits.
• Experience in assessing and testing technical security controls in areas such as firewalls, cloud configurations, network monitoring and antimalware solutions.
• Experience of auditing public (e.g., AWS, Azure and Google Cloud) and private (e.g., VMWare) cloud platforms.
• Experience with auditing ERPs such as SAP S/4 HANA and Oracle Fusion.
• Experience of auditing areas such as Data Protection/Privacy (incl. GDPR), IT Strategy, Change Management, Business Continuity & IT Disaster Recovery, IT Infrastructure (including Databases), and IT asset management.
• Experience of testing IT general controls (ITGCs) and automated IT controls to support SOX audits or Service Attestation Reports (e.g., IASE3402).
• Some experience auditing technology transformation programmes and system implementations.
• Experience of using audit software and Microsoft packages.
• Familiarity with related regulations and frameworks such as Cyber Essentials, NIST, GDPR, etc., would be helpful.
• Strong communication skills (written and oral) and experience of writing IT internal audit reports.

Embracing uniqueness, the culture at Grant Thornton thrives on the contributions of all our people. We value difference and respect our colleagues, helping our people perform at their best and realise their potential. Our open and accessible culture means you’ll interact with leaders who are interested in you and what you bring to our firm, and you’ll have freedom to bring your whole self to work.

Life is more than work. We’re happy to look at flexible working options for all roles and will balance work and life. The impact you can make goes beyond your day job, including opportunities such as secondments, fundraising for local charities, and investing in entrepreneurs in the developing world. This drive to do the right thing runs through our values—purposefully driven, actively curious and candid but kind.

We’re looking for people who want to contribute, spark fresh ideas and go beyond expectations, doing what’s right for the firm, our clients, our people and themselves.