Manager, Cyber Security - ServiceNow GRC

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.

KPMG is currently seeking a Manager, Cyber Security - Cyber GRC / ServiceNow IRM to join our Cyber Security organization

Responsibilities

• Experience in guiding clients and developing their Cyber GRC vision, strategy, and implementation roadmap
• Experience demonstrating out of the box capabilities within ServiceNow IRM/GRC, ServiceNow SecOps, and/or OneTrust and aligning those capabilities against client’s objectives
• Experience designing, architecting and implementing Cybersecurity, Cyber Risk, SecOps and GRC / IRM programs and technology platforms in one or more of the following areas: Policy and Compliance, Risk, Vendor Risk, Business Continuity, Data Privacy, Issues Management, Vulnerability Response and Security Incident Response
• Oversee implementation of one or more applications in ServiceNow IRM/GRC, ServiceNow SecOps, or OneTrust GRC supporting Cybersecurity and Cyber GRC programs
• Experience with agile and scrum methodology, creating process designs and technical designs, defining user stories, working with a diverse development teams in multiple geographies, leading user acceptance testing (UAT), and providing the necessary end-user training to deliver the proposed solution to the highest caliber
• Facilitate requirements gathering, scrum, sprints, testing, and deployment by working directly with clients
• Actively participate in practice development such as innovate solutions to complex problems, knowledge management and work towards building a strong Cyber GRC community.

Qualifications:

• A minimum of five years’ experience in the field of Cybersecurity, Cyber Risk and GRC with a strong working knowledge of ServiceNow and/or OneTrust GRC;

• Bachelor’s degree from an accredited college/university or equivalent professional experience;

• Certifications in any of the following: ServiceNow Certified System Administrator (required for candidates with ServiceNow experience);ServiceNow CIS certification in IRM in either: Risk and Compliance, Vendor Risk Management OneTrust GRC Professional Certification ServiceNow CIS certification in SecOps in either; Security Incident Response or Vulnerability Response (a plus)

• Solid competencies in processes related to Cyber GRC domain including Security Policy Management, Security Compliance Management, Cyber Risk, Vendor Security Risk, Business Continuity, Data Privacy Vulnerability Management, Security Incident Response Management and / or Issues Management

• Competency in security frameworks including NIST CSF, NIST 800-53, ISO 27001, HIPAA, PCI, SOX

• Competency in Unified Controls Framework (UCF) and mapping to common controls

• Experience with security tools such as Nessus, Rapid 7, Tanium, Qualys, Splunk, QRadar, LogRhythm, etc. is a plus

• Demonstrable interpersonal, facilitation and presentation skills to help clients navigate through complex cybersecurity and GRC challenges

• Ability and Willingness to Travel 

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law.  In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).