Technical Security and Compliance Analyst

Technical Security & Compliance Analyst

The Technical Security & Compliance Analyst is responsible for identity and access management, application security reviews, privacy assessments, and governance activities across Global People applications. The role ensures compliance with KPMG’s global security, privacy, and technical standards through collaboration with Global IT, GISG, and application stakeholders.

Key Responsibilities

Security & Privacy Reviews (Primary Focus)

• Lead SAR, ATO, privacy assessments, and related assurance activities.

• Prepare and submit PIAs and supporting documentation.

• Coordinate penetration tests, code scans, and remediation tracking.

• Maintain audit‑ready security and privacy assessment records.

  Identity & Access Management

• Manage Azure AD access, groups, SSO settings, MFA, and certificate lifecycle.

• Ensure IAM processes align with global policies and internal controls.

  Technical Governance & Documentation

• Maintain architecture diagrams and technical governance documentation.

• Support due diligence for new implementations and enhancements.

• Identify governance control gaps and propose improvements.

  Implementation & DevOps Support

• Provide security requirements for new deployments and changes.

• Ensure releases follow secure design and documentation standards.

  Knowledge Management

• Develop and maintain a central knowledge management database.

• Document processes, templates, FAQs, and runbooks.

• Ensure knowledge content is searchable and current.

  Stakeholder Management

• Collaborate and facilitate meetings/ project with GISG, Global IT, and application teams.

• Communicate risks and required actions clearly to stakeholders.

• Serve as SME for security, privacy, and IAM inquiries.

  Qualifications & Experience

• 2+ years in IT security, privacy, IAM, or governance.

• Experience and/or exposure to supporting security and privacy reviews (e.g., SAR, ATO, internal or regulatory audits), with interest in learning security controls and strengthening review processes.

• Exposure to or hands‑on experience with IAM concepts and tools, including Azure AD, SSO, MFA, and access lifecycle management.

• Working knowledge of SaaS and cloud‑based applications (e.g., SAP SuccessFactors, AWS or similar), with the ability to quickly learn new platforms in a security‑conscious manner.

• Experience using or experimenting with AI tools in a corporate environment to support documentation, knowledge management, or operational efficiency, aligned with KPMG security, privacy, and Responsible AI principles.

• Experience contributing to or maintaining knowledge management platforms (e.g., ServiceNow, SharePoint, Confluence) to improve documentation quality and knowledge reuse.

• Strong written communication and documentation skills, with the ability to clearly explain technical or security concepts.

• Experience working in a global or cross‑functional environment, demonstrating initiative, accountability, and ownership.

Preferred Skills

• Must have experience with deploying applications to Azure.
• Must have experience with configuring SSO using Azure AD SSO.
• Must have experience implementing SaaS platforms.
• Must have experience with an information security review process.
• Must have experience in working with Azure Dev Ops.
• Must have experience with secure file transfer protocols.
• Must have experience in developing technical architecture documentation and diagrams.
• Must have experience in a global organization.
• Experience with SAP Success Factors is a plus.
• Strong written and verbal communications skills are required.
• Must have at least 3 years of experience as an IT professional.

Must have at least 2 years of Solution Architect experience.

The Technical Security & Compliance Analyst is responsible for identity and access management, application security reviews, privacy assessments, and governance activities across Global People applications. The role ensures compliance with KPMG’s global security, privacy, and technical standards through collaboration with Global IT, GISG, and application stakeholders.

Key Responsibilities

Security & Privacy Reviews (Primary Focus)

• Lead SAR, ATO, privacy assessments, and related assurance activities.

• Prepare and submit PIAs and supporting documentation.

• Coordinate penetration tests, code scans, and remediation tracking.

• Maintain audit‑ready security and privacy assessment records.

  Identity & Access Management

• Manage Azure AD access, groups, SSO settings, MFA, and certificate lifecycle.

• Ensure IAM processes align with global policies and internal controls.

  Technical Governance & Documentation

• Maintain architecture diagrams and technical governance documentation.

• Support due diligence for new implementations and enhancements.

• Identify governance control gaps and propose improvements.

  Implementation & DevOps Support

• Provide security requirements for new deployments and changes.

• Ensure releases follow secure design and documentation standards.

  Knowledge Management

• Develop and maintain a central knowledge management database.

• Document processes, templates, FAQs, and runbooks.

• Ensure knowledge content is searchable and current.

  Stakeholder Management

• Collaborate and facilitate meetings/ project with GISG, Global IT, and application teams.

• Communicate risks and required actions clearly to stakeholders.

• Serve as SME for security, privacy, and IAM inquiries.

  Qualifications & Experience

• 2+ years in IT security, privacy, IAM, or governance.

• Experience and/or exposure to supporting security and privacy reviews (e.g., SAR, ATO, internal or regulatory audits), with interest in learning security controls and strengthening review processes.

• Exposure to or hands‑on experience with IAM concepts and tools, including Azure AD, SSO, MFA, and access lifecycle management.

• Working knowledge of SaaS and cloud‑based applications (e.g., SAP SuccessFactors, AWS or similar), with the ability to quickly learn new platforms in a security‑conscious manner.

• Experience using or experimenting with AI tools in a corporate environment to support documentation, knowledge management, or operational efficiency, aligned with KPMG security, privacy, and Responsible AI principles.

• Experience contributing to or maintaining knowledge management platforms (e.g., ServiceNow, SharePoint, Confluence) to improve documentation quality and knowledge reuse.

• Strong written communication and documentation skills, with the ability to clearly explain technical or security concepts.

• Experience working in a global or cross‑functional environment, demonstrating initiative, accountability, and ownership.

Preferred Skills

• Must have experience with deploying applications to Azure.
• Must have experience with configuring SSO using Azure AD SSO.
• Must have experience implementing SaaS platforms.
• Must have experience with an information security review process.
• Must have experience in working with Azure Dev Ops.
• Must have experience with secure file transfer protocols.
• Must have experience in developing technical architecture documentation and diagrams.
• Must have experience in a global organization.
• Experience with SAP Success Factors is a plus.
• Strong written and verbal communications skills are required.
• Must have at least 3 years of experience as an IT professional.

Must have at least 2 years of Solution Architect experience.

The Technical Security & Compliance Analyst is responsible for identity and access management, application security reviews, privacy assessments, and governance activities across Global People applications. The role ensures compliance with KPMG’s global security, privacy, and technical standards through collaboration with Global IT, GISG, and application stakeholders.

Key Responsibilities

Security & Privacy Reviews (Primary Focus)

• Lead SAR, ATO, privacy assessments, and related assurance activities.

• Prepare and submit PIAs and supporting documentation.

• Coordinate penetration tests, code scans, and remediation tracking.

• Maintain audit‑ready security and privacy assessment records.

  Identity & Access Management

• Manage Azure AD access, groups, SSO settings, MFA, and certificate lifecycle.

• Ensure IAM processes align with global policies and internal controls.

  Technical Governance & Documentation

• Maintain architecture diagrams and technical governance documentation.

• Support due diligence for new implementations and enhancements.

• Identify governance control gaps and propose improvements.

  Implementation & DevOps Support

• Provide security requirements for new deployments and changes.

• Ensure releases follow secure design and documentation standards.

  Knowledge Management

• Develop and maintain a central knowledge management database.

• Document processes, templates, FAQs, and runbooks.

• Ensure knowledge content is searchable and current.

  Stakeholder Management

• Collaborate and facilitate meetings/ project with GISG, Global IT, and application teams.

• Communicate risks and required actions clearly to stakeholders.

• Serve as SME for security, privacy, and IAM inquiries.

  Qualifications & Experience

• 2+ years in IT security, privacy, IAM, or governance.

• Experience and/or exposure to supporting security and privacy reviews (e.g., SAR, ATO, internal or regulatory audits), with interest in learning security controls and strengthening review processes.

• Exposure to or hands‑on experience with IAM concepts and tools, including Azure AD, SSO, MFA, and access lifecycle management.

• Working knowledge of SaaS and cloud‑based applications (e.g., SAP SuccessFactors, AWS or similar), with the ability to quickly learn new platforms in a security‑conscious manner.

• Experience using or experimenting with AI tools in a corporate environment to support documentation, knowledge management, or operational efficiency, aligned with KPMG security, privacy, and Responsible AI principles.

• Experience contributing to or maintaining knowledge management platforms (e.g., ServiceNow, SharePoint, Confluence) to improve documentation quality and knowledge reuse.

• Strong written communication and documentation skills, with the ability to clearly explain technical or security concepts.

• Experience working in a global or cross‑functional environment, demonstrating initiative, accountability, and ownership.

Preferred Skills

• Must have experience with deploying applications to Azure.
• Must have experience with configuring SSO using Azure AD SSO.
• Must have experience implementing SaaS platforms.
• Must have experience with an information security review process.
• Must have experience in working with Azure Dev Ops.
• Must have experience with secure file transfer protocols.
• Must have experience in developing technical architecture documentation and diagrams.
• Must have experience in a global organization.
• Experience with SAP Success Factors is a plus.
• Strong written and verbal communications skills are required.
• Must have at least 3 years of experience as an IT professional.

Must have at least 2 years of Solution Architect experience.