| London Jobs |
| Manchester Jobs |
| Liverpool Jobs |
| Nottingham Jobs |
| Birmingham Jobs |
| Cambridge Jobs |
| Glasgow Jobs |
| Bristol Jobs |
| Wales Jobs |
| London Jobs |
| Manchester Jobs |
| Liverpool Jobs |
| Nottingham Jobs |
| Birmingham Jobs |
| Cambridge Jobs |
| Glasgow Jobs |
| Bristol Jobs |
| Wales Jobs |
| Oil & Gas Jobs |
| Banking Jobs |
| Construction Jobs |
| Top Management Jobs |
| IT - Software Jobs |
| Medical Healthcare Jobs |
| Purchase / Logistics Jobs |
| Sales |
| Ajax Jobs |
| Designing Jobs |
| ASP .NET Jobs |
| Java Jobs |
| MySQL Jobs |
| Sap hr Jobs |
| Software Testing Jobs |
| Html Jobs |
| Job Location | London |
| Education | Not Mentioned |
| Salary | Competitive salary |
| Industry | Not Mentioned |
| Functional Area | Not Mentioned |
| Job Type | Permanent, full-time |
Job description Title: Policy and Standards Manager (Grade C)Business unit: Policy and Risk, Information AssuranceDepartment: Risk and LegalThe TeamThe role holder will be a key manager in the Information Assurance team and will have visibility of thethree lines of defence in the KPMG UK firm, delivering second line of defence policy and standards activities, providing oversight over the first line of defence and supporting the third line of defence when necessary. The role holder will also have responsibilityfor supporting the development, maintenance and change control of the firms information security policies and standardsThe RolePolicy Support the development, maintenance, change control and communication of the UK firms information security policies, standards,guidelines, controls and supporting documents Track internal and external requirements used as input into policy, standard, guideline and control changes with various control owners and other stakeholders Work with KPMG Global information protection group(IPG) and the policy focus group (PFG) to track changes and provide input into Global policies, standards and other supporting documents Align KPMG Global policies, standards and other supporting documents with UK firms policies, standards and other supportingdocuments Ensure policies are compliant with the UKs ISO 27001 Information Security Management System Coordinate policy, standards and other supporting document changes with Awareness and Education lead for alignmentWork with Information Security internaland KPMG UK communications teams for appropriate policy, standards and other supporting document publishing Support Information Risk Management Framework Lead and supporting staff to ensure UK policies, standards and other supporting documents can be convertedand integrated within KPMGs governance risk and compliance (GRC) solution Coordinate controls mapping to industry standards with control owners with support from industry standard control mapping solutions (e.g. unified compliance framework, etc.) Promotegood information security practice and standards across the firmSupport third line of defence internal and external audits Support the firms mission to build client trust and confidence with regard to information security Stay abreast of industry bestpractice in relation to information security governance, risk & compliance Provide policy subject matter expertise input into culture and awareness initiatives and ad-hoc projects and help to create supporting guidance and materials Manage the policy exceptionsprocess and act as an escalation point when necessary Provide support and guidance to the business, other teams within Information Assurance and the wider Information Security department on matters of policy. Risk management Support proactive and timelyidentification, evaluation and recording of non-compliance and information security risks Foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, escalatingissues in line with the Information Risk Management Framework.Awareness and collaboration Establish strong relationships with business and functional teams Establish strong relationships with IT and other relevant stakeholders Build on and preserve thefirms reputation with clients, with regard to information securityThe PersonTechnical knowledge and qualifications A minimum of 5 years experience of information security in a governance, risk & compliance capacity Practical expertise in developing informationsecurity policy and standards (and the ability to write policy content in plain and precise English) Strong knowledge of information security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST CybersecurityFramework, CIS Top 20 Controls) Sound understanding of privacy requirements (including GDPR, ISO 27701, etc.) Strong working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including Cloud computing and IT applicationsecurity Security certifications preferred (CISSP, CISM or equivalent)Leadership skillsStrong influencing skillsAbility to deal with a broad range of stakeholders at all levels, both internal and external, in a confident and assured manner Abilityto prioritize and manage a complex workload, including multiple tasks for themselves and direct reportsAnalytical skills Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions and recommendationsAbility to understand business drivers and risk appetite and to align information security compliance accordingly Strong analytical and problem solving skills Experience of leading projectsPersonal qualities A good team player, with the ability to act independentlyand exercise sound judgment Excellent communication skills, both written and verbal with the ability to explain information security and risk management topics to non-experts.Multi-cultural awareness and sensitivity Strong integrity, independence andresilience Excellent attention to detail combined with strategic vision