Regional Information Security Manager

Job Description

GISG (Global Information Security Group) is one of five domains within KPMG’s Global Technology & Knowledge group. GISG provides the information protection and technology infrastructure that secures KPMG’s technology environment and connects its network of member firms. GISG works with the other GT&K domains to ensure that appropriate security controls are in place for KPMG technology solutions.

Responsibilities

• Support RISO in advising member firms on the implementation of KPMG information risk and security standards / requirements.
• Maintain an up-to-date knowledge base comprising of a technical reference library, security advisories and alerts, information on global standard and best practices.
• Work with RISO to support member firm in improving their global technology standard compliance status.
• Recommend and support member firms to adopt technical controls to support and enforce defined security policies and global technology standard. 
• Provide guidance on best practice, including infrastructure configuration and application development.
• Assess and provide recommendations on any exceptions to policies or standards.
• Monitor and report a consolidated regional view of global technology standard adoption status.

Requirements

• Background working on large-scale international services and the ability to manage multiple processes and service delivery at once while building constructive working relationships across the different teams, functions, cultures, genders and demonstrating KPMG behaviors and values.
• Security Operations / Managed Security Services experience preferred
• Working knowledge of multiple security topics such as threat intelligence, vulnerability management products, firewall management OR endpoint protection
• Experienced in deployment and maintenance of Microsoft products
• Keeps abreast of security related technology, practices and regulations in the marketplace and validates tools for use to improve the Managed Security Services offerings
• Experience in working in a matrix management environment.
• Bachelor's degree in Computer Science, Information Security, Information Systems, Computer Engineering, or a related field is required.
• Minimum 5 years of experience developing or managing an enterprise level of security programs.
• At least one industry certification preferred (e.g. CISSP, CISA, CISM, CRISC, ISAAP).
• Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO highly desired.
• Strong oral and written communication skills.
• Must have strong analytical and critical-thinking skills.
• High-level of attention to detail and be a self-starter with ability to work independently, multi-task and adjust to shifting priorities.

#LI-AH1

⠀