Our focus is to help you identify and manage the cyber risks you might be facing within your organization.

Our team can provide detailed, actionable insight that incorporates industry best practices and standards to strengthen your cybersecurity position and help you make informed decisions.

How can our team help?

IT governance and risk management

We can help you maximize your cybersecurity capabilities, manage potential threats, and open a way towards broader opportunities for your organization. We can help you develop and implement the right cybersecurity risk strategies aligned with your industry, regulatory posture, markets, business, and technology strategy.


We can assist you in creating, implementing, and improving controls to help you manage and address data protection and privacy. We help organizations comply with data privacy regulations through compliance audits, privacy impact assessment, and privacy policy review or documentation.

System and organization controls reports

We provide third-party assurance services following relevant professional standards such as International Standard on Assurance Engagements (ISAE) 3402, ISAE 3000, and Statement on Standards for Attestation Engagements 18. These include System and Organization Controls (SOC) reports and other special attestation reports to accommodate your specific requirements.

IT audit services

We provide outsourced and co-sourced internal audit services, including information technology (IT) audits, to organizations of all sizes.

Digital identity

We enable clients to design and implement holistic access management strategies to enhance their customer, employee, and device interactions in alignment with their cyber threat profile and business strategy.

Application security

We enable clients to build and secure their enterprise applications as part of their mobile and cloud strategic initiatives for global growth.

Information security

We help organizations understand, manage, and improve their cybersecurity capabilities through vulnerability assessment and penetration testing, cybersecurity awareness programs, and assessment of information security management systems (ISMS). We can also help you develop or review your ISMS manual, business continuity plans and disaster recovery plans, incident response strategies, and other operational IT policies and procedures.

Incident management

We will assist you in strategically planning for internal and external breach events.

Our Cyber advisory

Vigil@nt Cybersecurity

Grant Thornton’s Vigil@nt Cybersecurity services help you design, implement, and monitor cybersecurity awareness and training programs. With our combined expertise and experience in cybersecurity consulting and learning and development services, we can provide your employees with up-to-date and relevant cybersecurity awareness content delivered through an automated learning and phishing simulation platform that makes learning more effective — and makes your employees more vigilant against real-life cybersecurity attacks in today’s increasingly digital world.

Get in touch
Practice Leader, Advisory Services; Knowledge Management Leader
Michael C. Gallego
Michael C. Gallego
Practice Leader, Advisory Services; Knowledge Management Leader
Michael C. Gallego