Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today’s most important industries. Our growth is driven by delivering real results for our clients. It’s also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it’s no wonder we’re consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you’re as passionate about your future as we are, join our team.
KPMG is currently seeking a Manager, Information System Security Officer (ISSO) to join our Global Technology team, which is part of the KPMG International organization.
- Coordinate, align and translate business requirements and security better practices into security-based project plans and deliverables (standards, controls, guides, design implementations, runbooks) that can be leveraged by infrastructure teams and KPMG’s member firms
- Assess and mitigate system security threats and risks throughout the platform’s life cycle; validate system security requirements definition and analysis; assist with the implementation of security procedures; verify information system security requirements; perform information system certification and accreditation planning, testing, assessing and liaison activities
- Understand, research, design and develop documentation, processes and techniques to evaluate and continuously update security solutions, technical and reference architectures and supporting security strategies for KPMG platforms
- Develop and maintain platform and system-specific security controls test matrix, security assessment reports, plan of action and milestones, system security plans, continuous monitoring and evaluation plans and other artifacts supporting software, system, system of system and platform security operations
- Stay current on system and platform vulnerabilities and provide tailored security recommendations to maximize business usability and platform security
- Regularly work with ITS Global teams, business sponsors and KPMG member firms to address security questions, and serve as a security steward and a promoter and guardian of Global Standards to drive KPMG’s Cloud First Strategy and speed to market
- Minimum five years of recent combined relevant IT and IT security experience, with a focus on Microsoft O365 and Azure
- Bachelor's degree from an accredited college/university or equivalent work experience
- Professional certifications in information technology and cloud security: CISSP preferred (or obtained within a reasonable timeframe), CCSP (optional), CISA (optional), CEH (optional), OSCP (optional); Azure Solutions Architect Certification (preferred but not required with demonstrated professional work experience)
- Background working on large-scale projects and the ability to manage multiple processes and projects at once while building constructive working relationships across the different teams, functions, cultures, genders and demonstrating KPMG behaviors and values
- Ability to understand large projects and prepare executive level reporting, capable of strategic thinking and of moving strategic plans into action; familiar with information system security architectural documentation standards; able to apply IT security standards, directives, guidance and policies to an architectural and risk-based framework
- Skills to read and interpret technical design documentation for M365 and Cloud; understanding of enterprise architecture frameworks and ability to independently author and assess technical architectures for compliance with security standards and better practices
KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.