Assistant Manager - Information Security & Client Assurance

Client Assurance- Assistant Manager-MFT-EWT-Security-KBS

Working as part of the KPMG Assurance team within Information Assurance, you will play a key role in ensuring that the business and IT systems are protected and secure. The Client Assurance Assistant Manager reports to the Information Assurance Manager within the Information Assurance Compliance team.

 

The Information Assurance Compliance team play a key role in ensuring that KPMG meet the regulatory and clients’ requirements through managing our ISO27001 Certification, CE/CE+ Certifications, Client Assurance Questionnaires & Audits as well as ensuring that our internal teams and high-risk suppliers are in compliance with KPMGs Information Security controls and IS027001 by conducting internal audits and providing assurance to our key stakeholders.

 

The role requires close co-operation with all KPMG teams and their suppliers (where access is provided to KPMG data), KPMGs clients, regulators and & certifying bodies, some of which are located overseas.

• Ensure security compliance of KPMG and managed service suppliers to ISO27001, CE+, Key Controls and KPMGs Information Security Management Policies by conducting/supporting audits and identifying risks and areas for improvement.
• Provide support for internal & client audit activities, including project management, liaising with areas of the business in scope for audit and other activities to ensure a smooth audit experience.
• Identify and record potential risks identified during internal and supplier audits.
• Maintain and administer the findings register.
• Analyse and consolidate findings, document, and recommend project activities to address complex or grouped findings.
• Manage the risk acceptance process for findings.
• Chase findings owners to ensure that remediation plans are defined, updated, and executed.
• Regularly report progress on addressing and closing findings to senior management and to findings owners.
• Conduct Assurance & Remediations dashboard reporting to ensure that Information Security and KPMG teams understand their current compliance status.
• Verify and validate that finding are closed and log evidence, where required.
• Provide support for client enquiries (questionnaires, follow-up meetings) by working with engagement teams, other areas of the firm as well as the clients to provide responses to such enquiries.
• Support Information Assurance and the wider KPMG firm by managing the ISMS.

Technical:

• Minimum 1 years’ experience working in an Information Security role.
• Good knowledge of IT and Information Security controls.
• Knowledge of IT and Information Security controls.
• Knowledge of information security standards (e.g., Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls).
• ISO 27001 Lead Auditor certificate desirable.
• Experience in Data Protection and legal compliance desirable.
• Ability to determine good practice and identify opportunities for improvement.
• Risk Management knowledge and experience.
• Understanding and knowledge of remediation approaches.
• Good written and verbal communication and presentation skills, teamwork, and customer service skills.
• Technical knowledge of IT /digital systems and infrastructure.
• Experience of producing documentation including Audit Reports, Policies, Standards and Control frameworks.
• Proven Project Management skills.
• Experienced in a wide base of technology and toolsets.

Personal

• Ability to develop and leverage strong relationships with internal and external stakeholders.
• Self-motivated, methodical, working independently, managing own workload.
• Ethical, with the ability to remain impartial and report all non-compliances.
• Organisational skills with attention to detail.
• Ability to work in high-demand, busy environments.
• Ability to quickly learn new technologies and systems.

Experience Level

Mid Level