National Information Technology Security Officer – NITSO
United Kingdom
Full Time
2 hours ago
No H1B
Key skills
SDLC, Leadership, Risk Management, Collaboration
About this role
Role Overview
Lead the Information Security Organisation, including the direction and evolution of the information security program, working with leadership to budget and plan the security function accordingly and ensure alignment with Global information security priorities and strategy.
Provide leadership insight into information security matters and escalation and promote adherence to KPMG information protection policies and other relevant policies.
Act as the point of contact for the Global Information Security Group (GISG) and GQRM – Global Digital Risk (GDR).
Participate in regular Global meetings and other relevant forums.
Establish and maintain relationships with NITSOs from network firm locations.
Create, maintain and report on information security metrics.
Liaise with relevant stakeholders including Business Functions, Technology Groups, Legal, Privacy, and Human Resources.
Evaluate the information security provisions for working with other member firms, to ensure compliance with the IFDTAs.
Oversee the information security risk assessment process, tools and solutions used and facilitate risk treatment.
Be accountable for assessing third-party risks, including the initial and ongoing risk assessment of suppliers and their compliance with contractual terms.
Ensure regular review of all security policies and standards, including their implementation.
Ensure that all relevant stakeholders are notified of changes to global information security policies and standards.
Requirements
Extensive and proven experience within information security and risk management.
Hold industry-standard accreditation or certifications (i.e., CISSP, CISM, ISO 27001).
Be familiar with current data privacy regulations, including GDPR.
Have an understanding of, and experience with, Secure SDLC and DevSecOps or security automation.
Be capable of understanding and communicating the business impact that infosec operations have on the organisation.
Understand the requirements of relevant information security frameworks and attestations, including, for example, ISO 27001, NIST, SOC2, SoQM.
Strong strategic thinking and decision‑making skills, with the ability to prioritise and balance security, business needs, and operational constraints.
Advanced problem‑solving and analytical skills, including the ability to assess complex security issues and propose pragmatic, risk‑based solutions.
Proven project and program management capabilities, including planning, prioritisation, and delivery of multiple security initiatives in parallel.
High level of resilience and the ability to perform under pressure, particularly when managing security incidents or time‑critical issues.
Tech Stack
SDLC
Benefits
KDN is Inclusive! Everyone brings a unique perspective. We want to harness diverse thinking by bringing bright minds together and valuing the differences that lead to stronger insights and innovation.
We want to attract, retain and develop diverse talent at all levels. This means recruiting from the widest possible pool of talent, removing barriers that can prevent our people from reaching their full potential, and fostering a fully inclusive environment which maximises collaboration and empowers everyone at KPMG to bring their whole selves to work.