Information Risk Assessment Assistant Manager

KPMG-UnitedKingdom
Full Time London, England 58800 - 90000 GBP ANNUAL Today
Job description

The role holder will be an Assistant Manager (Grade D) in the Information Risk Assessment team. They will conduct Information Risk Assessments, supporting how the firm identifies and analyses information security threats and risks to KPMG and client information in projects, initiatives, new systems, applications and IT resources, and advising on the controls necessary within agreed limits. The role holder will also support the team's day-to-day service, ensuring risks are identified and entered into the Information Risk Assessment tool.

Key Activities include


  • Conducting multiple Information Security Risk assessments of technologies and suppliers for internal projects and initiatives.
  • Completing Information Risk Assessments in line with KPMG UK's Risk Assessment methodology through to completion, which may include raising risks.
  • Ensuring appropriate information security contractual clauses are used in any formal agreement with suppliers.
  • Collaborating, liaising, conversing and working with internal project/initiative stakeholders and security testing teams to recognise appropriate risks with identified security findings.
  • Working within agreed timescales and keeping Information Risk Assessments on track within agreed SLAs with business stakeholders.


Key Stakeholders


  • Business and functional managers across the firm, including Project Managers, Project teams, BISOs (Business Information Security Officers), Procurement, and Supplier Managers (and 3rd parties).
  • Technology, Information Assurance, Security Operations and Data Privacy teams.
  • Senior Managers, Directors, and Partners from across the UK firm, KPMG Global, and other KPMG member firms who act as Information/Application/Product Owners.


Key Responsibilities

Technical Information Risk Assessment

Within the Risk Assessment team:
  • Be responsible for performing Information Security Risk Assessments of projects, suppliers and hybrid projects (technology projects with a supplier), and KPMG managed technology solutions, managing demand and prioritising assessments appropriately.
  • Provide guidance towards completing risk assessments.
  • Provide consulting advice to CTOs, Technology Engineering and Operations, business service owners and 3rd parties on how best to implement the firm's information security policies.
  • Support the firm's mission to build client trust and confidence with regard to information security generally and information risk assessment specifically.
  • Stay abreast of industry best practice in relation to information risk assessments.
  • Support the delivery of a high-quality and timely information risk assessment service to the firm.
  • Promote good information security practices and standards across the firm.


Information Risk Management


  • Proactively foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, as well as escalation of issues in line with the Information Risk Management Framework.
  • Support the ongoing development and maintenance of the firm's Information Risk Management Framework, including its supporting methodologies, processes and artefacts.


Co-ordination


  • Ensure understanding of the Information Risk Assessment process and manage the process for specific assessments.
  • Support the Information Risk Assessments team with other ad-hoc work as required.


Awareness and collaboration


  • Establish strong relationships with business, functional teams and other relevant stakeholders.
  • Build on and preserve the firm's reputation with third-party suppliers around information security.


Benefits expected


  • Aspire to KPMG Values: Integrity, Excellence, Courage, Together and For Better.
  • Expand information security knowledge and experience by using all learning resources available within KPMG.
  • Develop and grow as an individual by leveraging personal strengths, working through areas of development and being comfortable receiving and giving constructive and objective feedback.


Knowledge, Experience and Skills

Technical knowledge and qualifications


  • A minimum of 3 years' experience of technical information security risk assessments required.
  • Good working knowledge of industry best practice around information security controls covering: cloud security, network security, application security, encryption, information security testing, vulnerability management, access governance, and SaaS assurance.
  • Familiarity with information security standards (e.g. Cyber Essentials, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls).
  • Understanding of personal data and privacy.
  • Security certifications desirable.


Personal qualities and leadership skills


  • Excellent English-language communication skills essential - both spoken and written.
  • Diligent and focused, with the ability to prioritise multiple tasks and manage multiple risk assessments concurrently and independently.
  • Ability to deal with a broad range of stakeholders at all levels, both internal and external, in a confident and assured manner. Happy to engage, manage, chase and communicate with stakeholders.
  • Good team player who is enthusiastic about engaging with the wider Information Risk Assessment team, and with the ability to act independently and exercise sound judgment.
  • Assertive, by being able to articulate technical concerns with stakeholders.


Analytical skills


  • Strong analytical and problem-solving skills, with excellent attention to detail.
  • Proven ability to identify and articulate information security requirements, risks and issues, and formulate clear decisions and recommendations.
  • Ability to understand business drivers and risk appetite, in order to make informed risk assessment decisions.


Other requirements


  • Covering at least 75% of UK working hours.
  • Willing and able to obtain BPSS clearance for the UK.
