The role holder will sit in the Information Assurance Governance, Risk & Compliance team and will assist in the delivery of a set of Information Security Policies and Standards and supporting artefacts. The role will involve the development and maintenance of these policies and standards, as well as engaging with a variety of stakeholders across the KPMG business.
- Chief Information Security Officer
- Head of Information Assurance
- Governance, Risk and Compliance Manager, Information Assurance
- Business and functional managers including Business Information Security Officers (BISOs)
- IT service provider teams and management
- Carry out detailed mapping exercises to ensure compliance with information security standards, regulation and legislation.
- Manage and support workshops with policy area stakeholders and subject matter experts (SMEs) and review and assess the outputs in order to develop and maintain the policy.
- Create and maintain supporting artefacts (including guidelines).
- Provide guidance and advice to the business on how to interpret the policy.
- Support the firm's mission to build client trust and confidence with regard to information security.
- Stay abreast of industry best practice in relation to information security governance, risk & compliance.
Awareness and collaboration
- Establish strong relationships with relevant stakeholders and SMEs (across Information Assurance and IT service providers).
- Work with the Culture and Awareness team to ensure their programmes reflect changes to the policy content and framework.
- Build on and preserve the firm's reputation with clients with regard to information security.
KNOWLEDGE, EXPERIENCE AND SKILLS
Technical knowledge and qualifications
* 5 years' experience of information security in a governance, risk & compliance capacity preferred.
* Previous experience of creating, maintaining and communicating Information Security policies and standards.
* Strong knowledge of information security standards (e.g. Cyber Essentials, ISO 27001, ISF Standard of Good Practice for Information Security, NIST Cybersecurity Framework, CIS Top 20 Controls).
* Security certifications preferred (CISSP, CISA or equivalent).
* Ability to prioritise and manage a complex workload, including multiple concurrent tasks, under tight deadlines.
* Ability to deal with a broad range of stakeholders at all levels, both internal and external, in a confident and assured manner.
* Strong influencing skills and ability to demonstrate prior experience of challenging stakeholders to drive policy work forward.
* Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions and recommendations to drive policy development.
* Ability to understand business drivers and risk appetite and align information security policies accordingly.
* Strong writing skills and previous experience of writing policies, standards and supporting guidance in clear and precise language.
* A good team player, with the ability to act independently and exercise sound judgement.
* Excellent communication skills, both written and verbal.
* Multi-cultural awareness and sensitivity.
* Strong integrity, independence and resilience.
* Strong work ethic.
* Excellent attention to detail combined with strategic vision.