Information Risk Assessment Assistant Manager
- Employer
- KPMG
- Location
- London, United Kingdom
- Salary
- Competitive
- Closing date
- 14 Jun 2022
View more
- Sector
- Consultancy
- Job Role
- Risk Analyst
- Job Type
- Permanent
You need to sign in or create an account to save a job.
Job description
Information Risk Assessment Assistant Manager - Grade D
Key Stakeholders include:
Chief Information Security Officer, Head of Information Assurance, and Head of Security Operations
Business and functional managers across the firm including Project Managers, BISOs (Business Information Security Officers), Procurement, and Supplier Managers
Chief Information Officer, and the IT Service Provider community in the firm
Senior Managers, Directors, and Partners from across the UK firm, KPMG Global, and other KPMG member firms who act as Information/Application/Product Owners
Key Responsibilities
Skills Requirements
Information Risk Assessment Assistant Manager - Grade D
Key Stakeholders include:
Chief Information Security Officer, Head of Information Assurance, and Head of Security Operations
Business and functional managers across the firm including Project Managers, BISOs (Business Information Security Officers), Procurement, and Supplier Managers
Chief Information Officer, and the IT Service Provider community in the firm
Senior Managers, Directors, and Partners from across the UK firm, KPMG Global, and other KPMG member firms who act as Information/Application/Product Owners
Key Responsibilities
- Support the delivery of a highly quality and timely information risk assessment (including Business Impact Assessment) service to the firm
- Support the information risk assessment capability and team
- Information risk assessment
- Support the requirements of the firm's information risk management framework, to ensure a consistent and structured approach to information risk management is taken across the firm
- Provide consulting advice to project managers and other stakeholders on how best to implement the firm's information security policies
- Support the firm's mission to build client trust and confidence with regard to information security generally and information risk assessment specifically
Stay abreast of industry best practice in relation to information risk assessment, and information technologies.
Policy - Proactively foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, escalating issues in line with the Information Risk Management Framework.
- Support the development of the UK firm's information security policies
Promote good information security practice and standards across the firm's Risk management - Support the on-going development and maintenance of the firm's Information Risk Management Framework, including its supporting methodologies, processes and artefacts.
- Establish strong relationships with business and functional teams
- Awareness and collaboration
- Establish effective relationships with IT service providers and other relevant stakeholders
- Build on and preserve the firm's reputation with clients, with regard to information security
Skills Requirements
- Technical knowledge and qualifications
- Demonstrable experience of information security within a specific information risk consulting and assessment/audit capacity
Good knowledge of one or more information security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls) - Good understanding of privacy requirements (including GDPR)
- Leadership skills
- Good working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including Cloud computing
Security certifications essential or working towards (CISSP, CISA, CRISC or equivalents) - Strong influencing skills
- Ability to deal with a broad range of stakeholders at all levels, both internal and external, in a confident and assured manner
- Analytical skills
- Ability to prioritise and manage a complex workload, including multiple tasks for themselves.
- Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions and recommendations
- Ability to understand business drivers and risk appetite and to align information security compliance accordingly
- Strong analytical and problem solving skills
- Personal qualities
- A good team player, with the ability to act independently and exercise sound judgment
- Excellent communication skills, both written and verbal
- Multi-cultural awareness and sensitivity
- Strong integrity, independence and resilience
- Excellent attention to detail combined with strategic vision
You need to sign in or create an account to save a job.
Get job alerts
Create a job alert and receive personalised job recommendations straight to your inbox.
Create alert