Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today’s most important industries. Our growth is driven by delivering real results for our clients. It’s also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it’s no wonder we’re consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you’re as passionate about your future as we are, join our team.
KPMG is currently seeking a Director, Business Information Security Officer to join our Digital Nexus technology organization.
- Work with the Business Information Security Officer (BISO) Executive Director, with strategic and proactive responsibility to develop, implement and monitor a comprehensive information security and related internal controls program to ensure the integrity, confidentiality and availability of business applications, systems and data serving KPMG’s clients (Federal or Tax)
- Collaborate with federated technology and other matrixed organization stakeholders to ensure the consistent application of government policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management
- Work to facilitate and inculcate into firm culture and education the nuanced information security program requirements needed to address the fluid and complex nature of the KPMG business operating environment, while facilitating a metrics and reporting framework to measure the efficiency and effectiveness of the business security program, facilitate appropriate resource allocation, and increase the maturity of security capabilities
- Define and facilitate the information security risk assessment process including the reporting and oversight of treatment efforts to address negative findings in accordance with domestic and international information security protocols
- Provide regular reporting on the current status of the information security program to enterprise risk teams, senior technology and business leaders as part of a strategic business risk management program
- Translate information security requirements and policies into appropriate standards and plain-English, pragmatic guidelines to achieve policy compliance
- A minimum of ten years of recent progressive experience in complex information security programs in a decentralized operating / organization structure; financial services experience a plus
- Bachelor's degree from an accredited college/university; Master's degree preferred
- Experience in a mature, advanced cloud environment; multi-cloud and hybrid cloud experience a plus; comfortable with new disruptive digital technologies and their application to business strategies. High level of comfort operating in a hands-on and operational manner to drive process and collaboration with Chief Information and Digital Officer (CIDO), Chief Development Officer (CDO), Chief Technology Officers (CTOs) and 2nd line of defense
- Exposure and experience with business continuity planning, auditing, and risk management, as well as contract negotiation and vendor management within the US and in other regions of the world
- Proven knowledge in full lifecycle project management with these critical investigative skills: inquiry and analysis, interviewing, testing, with the ability to research and resolve issues independently
- Strong familiarity with the US regulatory environment as well as familiarity with CMMC, NIST SP 800-171, FISMA, FedRAMP, DoD 5200, ITAR & EAR compliance requirements; a background in enterprise risk management, forensic investigations, FBI, CIA, Government, Law enforcement or related areas is highly preferred
KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies pleas