Security Remediations Support Manager

Job Description

Job descriptionRole and ResponsibilitiesWorking as part of the KPMG Assurance and Remediation team within Information Assurance, you will play a key role in ensuring that the business and IT systems are protected and secure.The Security Remediation team manages information security control deficiencies and findings originating from Audits/Assessments, Risks and Vulnerabilities.The role requires close co-operation with the Information Security risk board, Assurance teams, Security Incident Management, Risk Management and Risk Assessment leads.The responsibilities of the role include:- Manage and maintain the findings register, ensuring that all findings are mapped to controls, risks and policy.- Analyse and consolidate findings and risk mitigations, document and recommend project activities to address complex or grouped findings.- Review Security Incidents to ensure that any potential findings or root causes have been identified and have remediation plans in place.- Manage the risk acceptance process for findings.- Manage team to ensure that findings/mitigations and their associated remediation plans are defined, updated and executed.- Escalate findings/mitigations where necessary to senior stakeholders.- Regularly report on findings and mitigations, including trend analysis (using Problem Management), status reporting of remediations and an overview of the current findings/mitigations landscape.- Verify and validate that findings/mitigations are closed and ensure that evidence is logged, where required.- Maintain and build good relationships across the wider team and share information to support the broader aims of Information Security.- Develop and implement Security Remediations processes and procedures, ensuring alignment to the firms strategic goals.- Demonstrate excellent project management skills, promote teamwork and individual accountability with engagement team members, and use available technology, tools, and KPMG Information Security assets to enhance the effectiveness of deliverables and services.Experience and BackgroundTechnical:- Experience working in an Information Security role, with proven track record in the management of Remediations, Risks and Findings.- Detailed knowledge of IT and Information Security controls; CISM Certified.- Good working knowledge of information security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework etc.).- Working knowledge of techniques for planning, monitoring, data analysis and reporting.- Experience in Problem Management analysis strategies including, Ishikawa, Pareto, Fault Tree Analysis and Brainstorming.- Technical knowledge of IT /digital systems and infrastructure.- Proven Project Management skills.- Process Management skills including the design and implementation of processes and procedures.- Ability to develop and maintain effective working relationships (good stakeholder management) with team members of all levels (in the UK, and globally).- A methodical approach with accuracy is essential.- Good written and verbal communication and presentation skills, teamwork, and customer service skills.- Ability to work in high-demand, busy environments with a willingness to go the extra mile if required.- Ability to quickly learn new technologies and systems.- Experienced in a wide base of technology and toolsets.Leadership:- Strong People Management experience, including conducting performance reviews, setting goals and supporting development plans.- Ability to listen to conflicting viewpoints to make considered and sometimes challenging decisions.Personal:- Ability to develop and leverage strong relationships with internal and external stakeholders.- Self-motivated, working independently, managing own workload.- Ethical, with the ability to remain impartial and report on non-compliances.- Organisational skills with attention to detail.- Flexible.