Job Location | London, South East England |
Education | Not Mentioned |
Salary | Competitive salary |
Industry | Not Mentioned |
Functional Area | Not Mentioned |
Job Type | Permanent, full-time |
Job description

Title: Information Risk Assistant Manager (Grade D)
Business unit: Information Risk, Information Assurance

The Team

The role holder will be a key assistant manager in the Information Assurance team, supporting the information risk & reporting aspects of Information Assurance. The role holder will be responsible for helping to implement the Information Risk Management framework, including providing the status of information risk and compliance across the firm, managing risk reporting and supporting the ISMS methodology documents for the UK firm's ISO 27001 certification.

The Role

Risk management
- Support the development of the firm's Information Risk Management framework, including the day to day processes, artefacts, and providing requirements as input for GRC tooling and solution design
- Coordinate GRC tooling architecture and platform changes that may impact the Information Risk Management framework
- Assist with reviewing the output of the Information Risk Management framework implementation, operations, audit and compliance checks to ensure the framework is operating as designed
- Communicate with UK Enterprise Risk Management (ERM) resources to ensure alignment and integration
- Identify and propose improvements to the Information Risk Management framework based on changes in requirements (e.g. KPMG global requirements, ISO 27001, Cyber Essentials, audit findings, information security strategy, etc.) and emerging challenges
- Monitor information security risks captured within Information Assurance which may be populated from multiple information security risk sources (e.g. Risk Assessment team, etc.) and help run the day to day operations of the Information Risk Register
- Support the Information Risk Management framework operations, management and governance bodies to allow them to assess the Information Security risk position on a regular basis with an Information Security view and with input across KPMG UK where feasible
- Support any Information Risk Management framework communications, outside of the Information Security function
- Foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, escalating issues as necessary
- Support the firm's mission to build client trust and confidence with regard to information security
- Stay abreast of industry best practice in relation to information security governance, risk & compliance

Governance
- Assist with coordinating the formal governance review required to support the firm's Information Security Management System
- Coordinate governance alignment with the UK ISO 27001 information security management system
- Support the relationship with GRC tooling providers (currently SureCloud and ServiceNow)
- Support the Information Risk Manager in making the Information Assurance risk governance bodies effective
- Provide information risk management input into Capability and Regional risk agendas as required

Reporting
- Assist with the creation and provision of meaningful and actionable information risk reporting and dashboards, including changes to the current information risk position related to policies owned by the Head of Information Assurance
- Coordinate with wider information security reporting to ensure risk reporting aligns and supports wider information security communications standards

Policy
- Contribute to the development and implementation of the KPMG UK information security policies across the firm and ensure changes to policies are integrated into the Information Risk Management framework and Information Security Management System
- Contribute to policy compliance and oversight activities, including audits
- Promote good information security practice and standards across the firm

Awareness and collaboration
- Establish strong relationships with first line of defence stakeholders, as relevant to role
- Establish strong relationships with other relevant stakeholders, including ISTP workstream leads
- Build on and preserve the firm's reputation with clients, with regard to information security

The Person

Technical knowledge and qualifications
- Experience of information security in a risk management capacity
- Strong working knowledge of information security standards (e.g. ISO 27001, ISO 27005, ISO 31000, Cyber Essentials, ISF Standard of Good Practice for Information Security, ISF IRAM, NIST Cybersecurity Framework, CIS Top 20 Controls, etc.)
- Subject matter expert in information risk management
- Understanding of privacy requirements (including GDPR, ISO 27701, etc.)
- Good knowledge of legal and regulatory requirements impacting information security
- Ability to communicate clearly and simply, both verbally and in writing
- CISSP certification and/or CISM desirable

Leadership skills
- Experience of leading and inspiring others, providing guidance, mentoring and planning
- Strong influencing skills
- Ability to prioritize and manage a complex workload, including multiple tasks for themselves

Analytical skills
- Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions and recommendations
- Ability to understand business drivers and risk appetite and to align information security compliance accordingly
- Experience of leading projects
- Problem solving skills

Personal qualities
- A self-starter, with a proven need for excellence
- A good team player
- Good inter-personal skills and ability to communicate effectively with stakeholders at all levels
- Multi-cultural awareness and sensitivity
- Strong integrity, independence and resilience
- Excellent attention to detail, combined with strategic vision