This job has expired

Information Security Governance Lead

Employer: KPMG
Location: London, United Kingdom
Salary: Competitive
Closing date: 27 May 2022
Sector: Consultancy
Job Role: Risk Analyst
Job Type: Permanent

Job description
KPMG is now seeking an Information Security Governance Lead to join the Information Assurance team.
 
The team is integral to KPMG as they define the policies, controls and processes to manage the firm's risk position. Our skilled subject matter experts enable the business to manage Information Security risk by developing frameworks that will effectively analyse threats and manage the risk they present.
 
Now is an exciting time to join, and the successful Lead will be given the breadth to develop and shape the strategy using their technical skills, knowledge and strong capability in stakeholder management and Information Security Governance.
 
The IS Governance Lead will:
 
  • Provide input to and manage the delivery of the Information Security Governance Strategy, including developing maturity through targeted improvement programmes.
  • Manage and monitor all current regulatory, legal, business, contractual and data privacy security requirements, to ensure changes to requirements are identified, assessed, and incorporated into the firm's policies, standards, and controls. Manage the integration of global policies with the UK firm policies.
  • Develop, manage, and maintain effective information security policies, processes, standards, and procedures, including integrating with key steering groups to define and implement new or amended policies.
  • Perform regular reviews and evaluate policies, standards, processes, and procedures to ensure they are effective and drive continuous improvement for information security.
  • Develop and maintain the Information Security Common Control Framework, connecting with Risk and Compliance teams to identify effectiveness.
  • Provide advice, guidance, and support to the firm on information security policies, standards, and controls.  
  • Maintain, embed, and communicate the ISO27001 Information Security Management System and the Quality System across the CISO function.
  • Provide support for internal and external audits: ISO27001, PCI-DSS, Cyber Essentials and Cyber Essentials+, SOC2 and other security compliance programmes.
  • Provide regular governance, risk and compliance reporting utilising key risk and key performance indicators and metrics, including regular review of compliance remediation activities.
  • Where required, provide responses to client information security due diligence questionnaires, as well as bid and tender documents to support business development.
  • Demonstrate and maintain expertise in information security governance, threats and vulnerabilities, legal and regulatory changes.
 
The Lead's profile will demonstrate the following:
 
Technical:
  • Competent work experience in delivering and maturing Information Security policies and controls frameworks.
  • Subject matter expertise and practical experience in delivery utilising global frameworks including ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS, NIST Cybersecurity framework and ISF.
  • Good understanding of privacy requirements (including GDPR, ISO 27701, etc.).
  • Strong working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including Cloud computing and application security.
  • Ability to assess demand and capacity and implement plans to deliver objectives. 
  • Security certifications preferred (CISSP, CISM or equivalent).
  • Experience of implementing and/or managing automated continuous controls monitoring tools would be beneficial.
 
People:
 
  • Strong leadership and demonstrable experience of developing high performing teams.
  • Excellent written and verbal communication & negotiation skills.
  • Strong analytical and problem-solving skills.
 
