Information Protection Assurance Senior Manager

KPMG

Job information

Company: KPMG

Location: Amstelveen

Education level: HBO

Terms of employment: Market-competitive


The role

Primary Purpose and Goal
The focus of the KPMG International Information Protection Group (IPG) Assurance team includes:

  • Maintaining Information Protection Risk Profiles of KPMG member firms based on assessment results and continuous monitoring efforts in key risk areas such as patching.
  • Performing Information Protection Compliance Reviews (IPCRs) of KPMG member firms against global information protection policies, standards and initiatives.
  • Developing global Information Protection Internal Audit (IA) guidance for KPMG member firms, communicating guidance globally and performing IA quality assessments.
  • Supporting KPMG member firms in information protection risk treatment efforts in conjunction with the regional security advisory teams.
  • Maintaining a defined information protection compliance framework, which includes a set of information protection controls based on policy requirements against which member firm compliance can be assessed.
  • Contributing to the development and communication of global information security policies, guidelines and standards.
  • Compiling Information Protection Risk Indicators for Global Suppliers and performing Global Supplier Information Protection Risk Assessments (GSIPRAs) using risk indicators.
  • Collaborating with KPMG International Global Procurement and other IPG groups on information protection aspects of global agreements.
  • Supporting KPMG International stakeholders in managing information protection risks associated with the delivery of services by suppliers / third parties.
  • Reporting assessment results and potential risks to KPMG International and member firm leadership.

 

Responsibilities and Tasks

  • Plan, manage and perform Global Information Protection Compliance Reviews (IPCRs) of KPMG member firms against global information protection policies, standards and initiatives.
  • Plan, manage and perform Global Supplier Information Protection Risk Assessments (GSIPRAs).
  • Develop and maintain executive management reporting based on the results of the assessments (e.g. GSIPRA or IPCR) and the relevant risk treatment progress.
  • Develop, document and maintain assessment (e.g. GSIPRA or IPCR) processes, procedures and materials.
  • Facilitate global Information Protection Internal Audit (IA) program activities, develop and communicate IA guidance, respond to member firm inquiries, track IA results.
  • Support risk treatment efforts, provide guidance based on global policies, escalate as needed to member firm and regional leadership and track progress.
  • Work with others in the Information Protection Group on ongoing or new activities, as the need arises, including updating global information protection policies, guidelines and standards and communicating updates to member firms.
  • Actively champion awareness of global information protection policies and provide practical recommendations for risk treatment efforts.
  • Support onboarding of KPMG Member Firm National IT Security Officers (NITSOs) and respond to member firm inquiries as needed working with the regional security advisory teams.

The profile

Education & Qualifications

  • Minimum of 7 to 9 years of experience, with at least 5 years of information protection assessment experience within a corporate environment (global companies preferred).
  • Bachelor’s degree from an accredited college / university (preferably in Computer Science, Computer Engineering, Information Security) – Master's (post-graduate) degree a plus.
  • Professional information security audit / assessment, information security management or privacy qualifications preferred, such as CISA, CISM, CISSP or CIPP, ISO 27001 Lead Implementer and/or Auditor.
  • Experience performing audits to ISO27001 preferably and other relevant standards (such as SSAE18).
  • Hold a valid passport and be able to travel periodically on business assignments.
  • Fluent in English, other languages spoken a plus, such as Spanish, French, Mandarin.
  • Very good understanding and practical experience of security management and auditing standards as well as risk treatment principles.

Management and Competencies

  • Excellent information protection risk assessment planning and managing skills.
  • Excellent report writing skills in English.
  • Capable of critical thinking and putting plans into action.
  • Good communicator, strong presentation skills, comfortable presenting to senior management.
  • Experienced working in multi-cultural environments and sensitive to different business cultures.
  • Strong ability to multi-task and work independently within a global team.
  • Methodical approach to work, attention to detail and delivery of high quality results.

Our offer

KPMG is an international network of companies with personal attention for employees. We have a strong market position. Our people work closely together on a daily basis in a pleasant and stimulating environment where we provide services to domestic and international clients. Personal development is central to KPMG. Through targeted training, education and coaching, we help our employees to excel and get the best out of themselves.
We offer you an excellent package of primary and secondary benefits (laptop, smartphone, reimbursement of expenses and non-contributory pension), which are tailored to the latest developments in the market.

More information and applying

For more information about the application procedure, you can contact the responsible recruiter. Apply directly? Then click on the 'apply' button below.
