Information Security Assistant Manager - Client Assurance
- Employer
- KPMG
- Location
- London, United Kingdom
- Salary
- Competitive
- Closing date
- 20 May 2019
View more
- Recruiter Type
- Direct Employer
- Sector
- Consultancy
- Job Role
- Risk Analyst
- Job Type
- Permanent
You need to sign in or create an account to save a job.
AutoReq ID
141071BR
Job Title
Information Security Assistant Manager - Client Assurance
Country
United Kingdom
Location
London
Function
KPMG Business Services
Service Line
QRM
Service Line Information
Quality and Risk Management are the responsibility of each partner and employee. This responsibility includes the need to understand and adhere to member firm policies and associated procedures in carrying out their day-to-day activities. UK Quality & Risk Management teams help to set, implement and enforce policies and procedures designed to help to enable KPMG UK and its personnel to achieve the following key objectives: (i) oversee and monitor service quality, (ii) protect the brand and reputation of KPMG, (iii) comply with laws, (iv) regulations and professional standards, and (v) minimize the risk of financial claims against KPMG UK.
KPMG Overview
KPMG is part of a global network of firms that offers Audit, Tax & Pensions, Consulting, Deal Advisory and Technology services. Through the talent of over 16,000 colleagues, we bring our creativity and insight to our clients' most critical challenges.
With offices across the UK, we work with everyone from small start-ups and individuals to major multinationals, in virtually every industry imaginable. Our work is often complex, yet our vision is simple: to be the clear choice for our clients, for our people and for the communities we work in.
Job Description
Job Purpose
The role holder will be a key resource in the Information Assurance Governance, Risk & Compliance team, supporting the information security aspects of client contracts and related assurance. The role holder will assist client facing teams by providing expert advice and guidance on the status of information security compliance, in accordance with the firm's information security policies.
Key Stakeholders
CISO/Head of Information Assurance
Head of Policy & Compliance, Information Assurance
Client facing teams including Engagement Teams
Key Responsibilities
Client assurance
- Contribute to the process which reviews and agrees the information security aspects of client contracts
- Support the information security aspects of the client assurance and audit process
- Contribute to the creation and maintenance of FAQs to support client queries and assurance
- Respond to queries from the firm's client facing teams on matters to do with the firm's information security position
- Maintain the Information Protection Statement and support the completion of regulator and other external audit questionnaires
- Support the maintenance of the Information Protection Plan template
- Support the firm's mission to build client trust and confidence with regard to information security
- Stay abreast of industry best practice in relation to information security governance, risk & compliance
Risk management
- Support proactive and timely identification and evaluation of non-compliance and information security risks
- Foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, escalating issues in line with the Information Risk & Control Framework
� Support the Information Assurance Team, as directed
Policy
- Contribute to the development and implementation of the KPMG UK information security policies
- Promote good information security practice and standards across the firm
Compliance/reporting
- Assist in designing the scope and delivery of information assurance and control testing activity, especially with regard to Information Protection Plans
- Support the provision of Key Risk Indicators and Key Performance Indicators
Awareness and collaboration
- Establish strong relationships with client facing teams, as relevant to role
- Establish strong relationships with other relevant stakeholders
- Build on and preserve the firm's reputation with clients, with regard to information security
Knowledge, Experience and Skills
Technical knowledge and qualifications
- Experience of information security in a governance, risk & compliance capacity
- Good working knowledge of information security standards (eg Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls)
- Understanding of risk management
- Understanding of privacy requirements (including GDPR)
- Ability to communicate clearly and simply, both verbally and in writing
- CISSP certification and/or CISA desirable
Leadership skills
- No specific requirements for this role but influencing skills are important.
Analytical skills
- Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions / recommendations
- Ability to understand business drivers and risk appetite and to align information security compliance accordingly
- Problem solving skills
Personal Qualities
- A self-starter, with a proven need for excellence
- A good team player
- Good inter-personal skills and ability to communicate effectively with stakeholders at all levels
- High level of integrity, independence and resilience
- Excellent attention to detail
Our Deal
If the chance to work with interesting clients and innovative technology wasn't rewarding enough, we'll motivate you in other ways too. At KPMG you can expect real responsibilities and opportunities to grow professionally.
'Our Deal' sets out all the different ways you'll be rewarded at KPMG. Among other things you can benefit from honest conversations about your career as well as a range of other rewards. In all these ways and more, we have created an environment that can bring out the best in you.
Flexible Working
While some of our client-facing professionals can be required to travel regularly, and at times be based at client sites, we are supportive where possible of helping you to achieve a balance between your home and work demands.
We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest. Furthermore, as part of the recruitment process, we can put you in touch with people who work flexibly so you can understand from them what our culture is like.
Applying with a Disability
KPMG are proud to be an inclusive, equal opportunity employer and we seek to attract and retain the best people from the widest possible talent pool. As a member of the Business Disability Forum we're committed to ensuring that you are treated fairly throughout our Recruitment Process. Should you be successful after the initial application stage, please discuss any reasonable adjustments that you may require, with your recruitment contact.
KPMG's commitment to diversity
We are proud of the value we place on individuality; we want you to bring your full self to work and truly maximise your potential. We believe that your individuality helps us to deliver the best results for our clients. Diversity of background, diversity of experience, diversity of perspective - that's the KPMG difference. But, don't take our word for it, find out more about diversity at KPMG.
Returning to work after a break
At KPMG, we appreciate that returning to work after an extended career break can be daunting. We understand that those with experience who have taken a career break have a wealth of experience and knowledge to offer our organisation, which helps us to achieve our business goals. We will support you to refresh your skills, develop your confidence and provide a supportive network across the firm to help you best integrate into the working environment. This role welcomes applications for individuals who have been out of work for 18 months or more and who have previous relevant experience.
Policy for Agencies
KPMG has a commitment to sourcing candidates directly and as such we do not accept speculative CV's from agencies. Please check here to see our policy on agencies: Policy
Job Segment: Information Security, Information Technology, IT Manager, Assistant Manager, Technology, Management, Security
141071BR
Job Title
Information Security Assistant Manager - Client Assurance
Country
United Kingdom
Location
London
Function
KPMG Business Services
Service Line
QRM
Service Line Information
Quality and Risk Management are the responsibility of each partner and employee. This responsibility includes the need to understand and adhere to member firm policies and associated procedures in carrying out their day-to-day activities. UK Quality & Risk Management teams help to set, implement and enforce policies and procedures designed to help to enable KPMG UK and its personnel to achieve the following key objectives: (i) oversee and monitor service quality, (ii) protect the brand and reputation of KPMG, (iii) comply with laws, (iv) regulations and professional standards, and (v) minimize the risk of financial claims against KPMG UK.
KPMG Overview
KPMG is part of a global network of firms that offers Audit, Tax & Pensions, Consulting, Deal Advisory and Technology services. Through the talent of over 16,000 colleagues, we bring our creativity and insight to our clients' most critical challenges.
With offices across the UK, we work with everyone from small start-ups and individuals to major multinationals, in virtually every industry imaginable. Our work is often complex, yet our vision is simple: to be the clear choice for our clients, for our people and for the communities we work in.
Job Description
Job Purpose
The role holder will be a key resource in the Information Assurance Governance, Risk & Compliance team, supporting the information security aspects of client contracts and related assurance. The role holder will assist client facing teams by providing expert advice and guidance on the status of information security compliance, in accordance with the firm's information security policies.
Key Stakeholders
CISO/Head of Information Assurance
Head of Policy & Compliance, Information Assurance
Client facing teams including Engagement Teams
Key Responsibilities
Client assurance
- Contribute to the process which reviews and agrees the information security aspects of client contracts
- Support the information security aspects of the client assurance and audit process
- Contribute to the creation and maintenance of FAQs to support client queries and assurance
- Respond to queries from the firm's client facing teams on matters to do with the firm's information security position
- Maintain the Information Protection Statement and support the completion of regulator and other external audit questionnaires
- Support the maintenance of the Information Protection Plan template
- Support the firm's mission to build client trust and confidence with regard to information security
- Stay abreast of industry best practice in relation to information security governance, risk & compliance
Risk management
- Support proactive and timely identification and evaluation of non-compliance and information security risks
- Foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, escalating issues in line with the Information Risk & Control Framework
� Support the Information Assurance Team, as directed
Policy
- Contribute to the development and implementation of the KPMG UK information security policies
- Promote good information security practice and standards across the firm
Compliance/reporting
- Assist in designing the scope and delivery of information assurance and control testing activity, especially with regard to Information Protection Plans
- Support the provision of Key Risk Indicators and Key Performance Indicators
Awareness and collaboration
- Establish strong relationships with client facing teams, as relevant to role
- Establish strong relationships with other relevant stakeholders
- Build on and preserve the firm's reputation with clients, with regard to information security
Knowledge, Experience and Skills
Technical knowledge and qualifications
- Experience of information security in a governance, risk & compliance capacity
- Good working knowledge of information security standards (eg Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls)
- Understanding of risk management
- Understanding of privacy requirements (including GDPR)
- Ability to communicate clearly and simply, both verbally and in writing
- CISSP certification and/or CISA desirable
Leadership skills
- No specific requirements for this role but influencing skills are important.
Analytical skills
- Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions / recommendations
- Ability to understand business drivers and risk appetite and to align information security compliance accordingly
- Problem solving skills
Personal Qualities
- A self-starter, with a proven need for excellence
- A good team player
- Good inter-personal skills and ability to communicate effectively with stakeholders at all levels
- High level of integrity, independence and resilience
- Excellent attention to detail
Our Deal
If the chance to work with interesting clients and innovative technology wasn't rewarding enough, we'll motivate you in other ways too. At KPMG you can expect real responsibilities and opportunities to grow professionally.
'Our Deal' sets out all the different ways you'll be rewarded at KPMG. Among other things you can benefit from honest conversations about your career as well as a range of other rewards. In all these ways and more, we have created an environment that can bring out the best in you.
Flexible Working
While some of our client-facing professionals can be required to travel regularly, and at times be based at client sites, we are supportive where possible of helping you to achieve a balance between your home and work demands.
We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest. Furthermore, as part of the recruitment process, we can put you in touch with people who work flexibly so you can understand from them what our culture is like.
Applying with a Disability
KPMG are proud to be an inclusive, equal opportunity employer and we seek to attract and retain the best people from the widest possible talent pool. As a member of the Business Disability Forum we're committed to ensuring that you are treated fairly throughout our Recruitment Process. Should you be successful after the initial application stage, please discuss any reasonable adjustments that you may require, with your recruitment contact.
KPMG's commitment to diversity
We are proud of the value we place on individuality; we want you to bring your full self to work and truly maximise your potential. We believe that your individuality helps us to deliver the best results for our clients. Diversity of background, diversity of experience, diversity of perspective - that's the KPMG difference. But, don't take our word for it, find out more about diversity at KPMG.
Returning to work after a break
At KPMG, we appreciate that returning to work after an extended career break can be daunting. We understand that those with experience who have taken a career break have a wealth of experience and knowledge to offer our organisation, which helps us to achieve our business goals. We will support you to refresh your skills, develop your confidence and provide a supportive network across the firm to help you best integrate into the working environment. This role welcomes applications for individuals who have been out of work for 18 months or more and who have previous relevant experience.
Policy for Agencies
KPMG has a commitment to sourcing candidates directly and as such we do not accept speculative CV's from agencies. Please check here to see our policy on agencies: Policy
Job Segment: Information Security, Information Technology, IT Manager, Assistant Manager, Technology, Management, Security
You need to sign in or create an account to save a job.
Get job alerts
Create a job alert and receive personalised job recommendations straight to your inbox.
Create alert