Technical Security Consultant - Information Risk Assessments Manager

Job Description

Job description Location: Flexible UK WideThe RoleThe role holder will be a manager in the Information Risk Assessment team, leading on technical information risk assessments. This is to support how the firm identifies and analyses information securitythreats and risks to KPMG and client information in projects, initiatives, applications, IT resources, and Third Parties. The outcome of these activities is to advise on the controls necessary to keep these risks within agreed limits.The role holder will providesupport for the day-to-day service, providing consultancy advice to stakeholders and ensuring risks identified are entered into the Information Risk Register. The role holder will be expected to deputise for the Information Risk Assessment Manager (Lead) whenrequired, and provide mentoring and support to the Assistant Information Risk Assessment Managers in the team.Key StakeholdersChief Information Security Officer, Head of Information Assurance, and Head of Security OperationsBusiness and functional managersacross the firm including Project Managers, BISOs (Business Information Security Officers), Procurement, and Supplier ManagersChief Information Officer, and the IT Service Provider community in the firmSenior Managers, Directors, and Partners from across theUK firm, KPMG Global, and other KPMG member firms who act as Information/Application/Product OwnersKey ResponsibilitiesTechnical Information Risk Assessment- Be accountable for performing security consultancy and risk assessments (such as information riskassessments, solution design assessments, penetration testing, security configuration reviews, change reviews and red team testing) on KPMG managed technology solutions, managing demand and prioritising appropriately- Provide subject matter expertise, suchas providing risk-based advice, technical security input, recommending security control for Cloud solutions hosted in AWS, Azure and GCP, providing remediation strategies and advice on configuration changes- Provide consulting advice to CTOs, Technology Engineeringand Operations, business service owners and 3rd parties on how best to implement the firms information security policies- Support the firms mission to build client trust and confidence with regard to information security generally and information risk assessmentspecifically- Stay abreast of industry best practice in relation to information risk assessmentsRisk management- Proactively foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification andmitigation of information risk, escalating issues in line with the Information Risk Management FrameworkAwareness and collaboration- Establish strong relationships with business and functional teams- Establish effective relationships with IT service providersand other relevant stakeholders- Build on and preserve the firms reputation with clients, with regard to information securityKnowledge, Experience and SkillsTechnical knowledge and qualifications- Proven experience of information security with a strong hands-offtechnical security background- Direct experience of performing security risk assessments of applications and infrastructure within the Cloud, such as AWS, Azure and GCP- Strong knowledge of information security standards (e.g. Cyber Essentials, ISF Standardof Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls) and Information Security Industry Good Practices- Excellent understanding of security risk assessment and risk management methodologies, as well as softwaredevelopment lifecycles, especially in the context of building secure solutions in the public cloud- Cloud experience essential, Cloud Security Certifications preferred such as AWS Certified Security Specialist, Microsoft Certified Security Engineer (AZ 500),Google Cloud Certified Professional Cloud Security Engineer or equivalent- Security certifications preferred (CISSP, CRISC or equivalents)Leadership skills- Strong influencing skills- Ability to deal with a broad range of stakeholders at all levels, both internaland external, in a confident and assured manner- Ability to prioritise and manage a complex workload, including multiple tasks for themselves.Analytical skills- Strong analytical and problem- solving skills- Proven ability to identify and articulate informationsecurity requirements, risks and issues, and to make clear decisions and recommendations- Ability to understand business drivers and risk appetite and to align threat intelligence accordinglyPersonal qualities- A good team player, with the ability to act independentlyand exercise sound judgment- Excellent communication skills, both written and verbal- Multi-cultural awareness and sensitivity- Strong integrity, independence and resilience- Excellent attention to detail combined with strategic vision