Director, Information Protection - Remote

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today’s most important industries. Our growth is driven by delivering real results for our clients. It’s also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it’s no wonder we’re consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you’re as passionate about your future as we are, join our team.

KPMG is currently seeking a Director, Information Protection to join our Digital Nexus Technology organization. This is a remote work opportunity. 

Responsibilities:

• Lead the firm’s Information Handling Program; Work on the portfolio of projects and business as usual activities that drive continuous improvement in how people protect the confidentiality of firm and client information, the program encompasses people, process, and technology; Lead a team of sixteen people with three direct reports
• Manage and operate information protection processes, such as the Cyber Sanctions process associated with internal violations to firm policy, procedures and expectations associated with the protection of confidential information; Data Security Governance program to continuously assess, enhance, and optimize the US firm data security governance strategy and program
• Develop/modify processes to incorporate lessons learned that will improve future data security governance approaches and documented evidence; High Risk Loaner Program where users traveling to information-risky countries take specially configured devices such as laptops, mobile devices vs their standard KPMG devices; Information Handling Preventive Controls including but not limited to blocking web uploads to filesharing sites, including an exception process; Information Incident Response Team (IIRT) that through a cross-functional core response team analyzes, contains, eradicates, and recovers from an information incident; Insider Risk Management program, inclusive of both Federal Practice and firmwide objectives
• Perform in the role of Incident Commander for large complex information incidents while having appropriate communication and reporting is a critical success factor for the role
• Collaborate across functions including but not limited to Office of General Counsel, Risk Management, Talent & Culture, federated technology teams, Corporate Communications, and others as needed within the US member firm, KPMG Americas, and KPMG International teams, with the objective of having a consistent approach to information handling and the continuous improvement of related controls
• Contribute to thought leadership on the topics of information protection, security monitoring and response services and to the security awareness program on firm information handling practices; Maintain currency with industry best practices in this space while incorporating leading tactics, techniques, and procedures; grow the quality, coverage, and scope of services to maintain a best-in-class information protection program

Qualifications:

• Minimum ten years of recent experience in program management and a minimum four years of recent experience in a security role, preferably associated with information handling, protection, and response
• Bachelor's degree from an accredited college or university is preferred; CISSP preferred
• Experience leading IT security projects and programs, security operations, monitoring, incident response or crisis management, with the ability to prioritize and divide responsibilities, as well as influence people to take action
• Excellent verbal/written communication skills with ability to effectively interact with individuals at all levels of responsibility and authority, including working remotely full time or experience working with a geographically dispersed team
• Strong troubleshooting, IT process definition/improvement and organizational skills, with the ability to work on multiple programs simultaneously
• Familiarity with privacy laws/regulations such as GDPR, CCPA and HIPAA; U.S. Citizenship is required 

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law.  In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).