Job description
Assistant Manager - Financial Services - Cyber Risk Quantification
 
Our UK Cyber Practice

• KPMG is acknowledged by Forrester as a leader in providing cyber security consultancy. We are investing in building our Financial Services Cyber team to meet growing demand and provide a comprehensive range of services to many of the largest financial services companies.
• We help our clients protect, detect and respond to high end cyber threats; helping them understand the cyber threat landscape, make sensible decisions on investment priorities, and build the specialist capabilities they need to counter financial crime and other threats.
• We believe that cyber security is about helping our clients to harness business opportunities safely and securely. For us, cyber security isn't just a technical issue, it is one which engages the whole business and focusses on a holistic approach to understanding and mitigating the risk.

The Team

• Our Cyber Risk Quantification team sits within our rapidly growing Cyber practice. The team works closely with all service lines within Cyber Security and also with KPMG's broader advisory practice, including the data modelling and software engineering teams. The team also works closely with KPMG member firms across the globe to ensure we collaborate and bring the most differentiated and innovative cyber risk quantification solutions to our clients. 
• We are keen to recruit a talented Assistant Manager level candidate who has the energy and drive to deliver and help further develop the solutions we take to our clients.
• The team works in an agile and flexible manner, with plenty of opportunities to develop new skills and gain new knowledge. We are keen to support and develop our people to enable them to be the best they can be.
• We believe we are market leaders in promoting diversity and inclusion in the workplace and want to encourage applications from people of all backgrounds and cultures. 
• Take a look at our website with the link below to see "What Makes Us Different"

http://www.kpmg.com/UK/en/about/WhatMakesUsDifferent/Diversity/Pages/default.aspx

The Role

• You will be an Assistant Manager within the Cyber Risk Quantification team helping to deliver cyber risk strategy, assessment, and quantification engagements to our clients and grow both our capability and our business. You should expect to be involved in a wide range of challenging engagements - using your knowledge and expertise of cyber risk to bring our tooling and methodologies to our clients.  
• We are also always looking to develop these tools and methodologies, so you should expect to be part of a team that actively encourages innovation and 'outside of the box' thinking. 

 
Responsibilities

• Day to day in the Cyber Risk Quantification team, you should expect to be:
  • Client facing
    • Supporting delivery of cyber risk quantification engagements to our clients. These engagements are, for example, often to help clients shape their cyber strategies and investment portfolios, advance their approach to cyber risk assessment, and/or develop higher quality Board level cyber risk reporting. In particular, your delivery responsibilities would include:
      • Working with colleagues and clients to conduct cyber risk assessments, that quantify a client's cyber risk and deliver actionable insights such as which controls they should prioritise their investment into.
      • Conducting assessments to measure the effectiveness of cyber security controls, the likelihood of cyber risk scenarios (e.g. ransomware), and the amount of loss that these scenarios will incur.
      • Helping produce reports for clients that clearly present findings and provide recommendations.
    • Participating in client business development conversations to help them evaluate where we can help them.
    • Helping to build trusted client relationships, ensuring we are thought of as a trusted advisor who our clients can receive clear and objective advice from
  • Service development:
    • Helping to further innovate and develop our cyber risk quantification tools and methodologies.
    • Maintaining your knowledge of the cyber threat landscape to ensure our cyber scenario modelling is kept current.
    • Maintaining your knowledge of industry standard frameworks (e.g. MITRE ATT&CK and FAIR) to ensure our methodologies are aligned with good practice and the frameworks that our clients are often familiar with.
    • Authoring and/or contributing to whitepapers, thought leadership and/or blog posts on the topic.
    • Actively participating in industry conferences, panels and special interest groups.

 
Experience & Skills
Specific to the role, we expect that you will have:

• Primary
  • Proven experience evaluating client cyber risk problems and recommending appropriate solutions (e.g. through cyber risk assessment using NIST CSF / 800-53/30, ISO 27k, ISF SoGP, etc)
  • Proven experience developing clear and actionable cyber risk management information to different levels of audience within an organisation.
  • Knowledge of the cyber threat landscape - including types of threat actors, their motives, how they typically conduct attacks, and what organisations can do through strategic programmes to reduce likelihood of attacker success.
  • Proven experience selecting the right mechanisms (e.g. Excel, PowerPoint, Word) to clearly structure, communicate and/or execute your thinking.
  • An understanding of a wide range of relevant industry standard frameworks, methodologies, principles and technologies.
• Secondary
  • An analytical background
  • More generally, we expect that you will have:
    • Proven experience successfully delivering engagements in a commercial environment, ensuring the delivery of high-quality work on time and to budget
    • Proven experience delivering high quality work, including inspiring quality work in others 
    • Excellent written and verbal communication skills
    • Excellent presentation skills 

 
Qualifications:

• Degree level qualified preferred
• Open FAIR Certification or equivalent is desirable
• Recognised cyber security qualifications (e.g. CISSP, CISM, M.Inst ISP, etc.), or comparable experience advantageous

 
Additional Information
The role will be based at any of our UK offices, but will include travel; candidates must have a willingness to travel frequently, both domestically and internationally on occasions, with the potential to be away from home for set periods of time.