Manager, Cyber Security - Cyber Strategy, Risk, Board Reporting

The KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we don't anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory.

KPMG is currently seeking a Manager, Security Strategy and Governance in Technology Enablement for our Consulting practice

Responsibilities:

• Design risk management frameworks and implement risk processes, with engineering and infrastructure org, building products serving over a billion users.

• Spearhead cybersecurity policy and business process development.

• Participate in system security engineering and/or secure software development.

• Derive engineering requirements from policy and/or regulatory requirements.

• Identify points of risk within existing processes and procedures and make actionable recommendations to reduce identified risk.

• Assist in creating and maintaining technical documentation, including policies, procedures, and standards.

• Provide support to teams across the org and advise on security best practices.

• Evaluate software/hardware products and services for data security controls, compliance evidence collection,

• Act as a security advisor on governance, risk, and compliance.

Qualifications:

• 5+ years information security or governance experience, security engineering and DevSecOps experience to automate: evidence collection and control drift verification; Previous tech industry experience preferred.

• Bachelor's degree from an accredited college/university or equivalent experience

• Knowledge of threat and vulnerability vectors impacting applications, hosts, and networks.

• Knowledge of risk management and familiarity with risk assessments and working with regulatory frameworks such as NIST 800-53 or ISO 27001; In addition to Experience with governance or compliance standards such as GDPR and CCPA

• Certifications in one or more of the following: CIPP, CIPT, GSEC, CCSP, CISSP, CISA, or Security+.

• Experience building a Security Strategy and Risk Program, Identifying and Building KRI/KPI’s, Cyber Risk Quantification, Board Reporting, and interacting with Boards/C-suite Executives.

• Ability and willingness to travel, work in a fast paced, results driven environment, grasp new technology, and contribute at a rapid pace

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law.  In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).