The job holder will be responsible and accountable for following up on the EMA member firms' risk profile and exposure and compliance reviews, and will advise them on how to address observed non-compliances as well as on their ISO 27001 accreditation challenges and proceedings. In addition, he or she will participate in and assist with EMA RDC Information Security activities and posture as needed and as assigned.
This position requires the assigned resource to:
- Manage the adaptation and adoption of KPMG’s local and global information security policies.
- Govern the processing of periodic IT Access Control, IT General Control and Application Vulnerability/Penetration audits; assist with analyzing the corresponding findings and prioritizing mitigating actions; and work with internal and external consultants as appropriate on independent security audits for the EMA member firms as assigned.
- Demonstrate a full understanding of the ISO 27001 processes and controls and assist the EMA RDC NITSO and Information Security Manager in the RDC ISO accreditation process.
- Assist the EMA RDC Head of RAS and the EMA RDC NITSO and Information Security Manager in performing periodic ISO control audit assessment reviews with key suppliers.
- Participate in workshops and other sessions and co-lead on technical aspects of processes in a specific process area.
- Develop adequate management and reporting methodologies aligned to internal processes and control frameworks, and regularly report to KPMG senior management representatives on performance and risk indicators for EMA member firms as assigned.
- Work with regional and global functions to adapt the elements of KPMG's local and global information security policies (taking regional regulations into consideration) in member firms as assigned.
- Provide guidance in the implementation and maintenance of standard KPMG and member firm policies, for example the Physical Security and Clear Desk policies.
- Monitor KPMG's member firms' compliance with their statutory, regulatory and policy obligations related to Information Security, and support their leadership in ensuring that such policies are adhered to.
- Ensure that security threats in relation to information risk have been considered within the overall risk assessment, and consequently implement a proportionate information risk controls framework.
- Oversee and assist with the following information security activities in the EMA member firms as assigned:
- Risk Management;
- Security Policy Management;
- Organizing Information Security;
- Ensure Asset Protection;
- Integrate Human Resource Security;
- Ensure Physical and Environmental Security;
- Communication and Operations Management;
- Develop Access Control measures;
- Lead Information Systems Acquisition, Development and Maintenance;
- Lead in Security Incident Management;
- Participate in Disaster Recovery Management;
- Conduct Information Security Economics justifying Security investments.
You will report to the EMA RDC NITSO and will liaise often with the Regional RDC NITSO and the Global IPG team when aligning regional and global security standards. You will guide the member firms to enhance their understanding of the security impacts of business processes. You will also engage with the EMA Regional Head of RAS, Regional Business Process Managers / Supervisors, the Regional Support Team and the Regional PMO to align business demands, assess technical solutions against functional requirements, and ensure that timelines and deliverables for projects within the region are clearly understood and adhered to (including documentation requirements).
Members of the EMA RDC need a core set of competencies enabling them to work effectively with the various ITS and business communities within the regions and the member firms. Skills such as virtual teaming, customer relationship management and product expertise lay the foundation upon which specialty competencies are built. Specialty competencies support the coaching, training, measurement and change management skills that are typically needed in a technology deployment or in the follow-on programs that increase usage.
- Minimum 3 years' experience in a corporate environment supervising functional support teams at a consultant level, ideally in a global setting in a technology and/or professional services environment.
- Minimum 3 years' experience as an Information Security/Governance officer/specialist/analyst or similar IT Security/Governance professional, preferably within a global enterprise environment.
- Good technical knowledge of security technology, business system continuity planning, auditing, and risk management.
- Strong analytical, evaluative and problem solving abilities.
- Strong leadership and teamwork skills.
- Good understanding of security policies, procedures and technologies, including the ISO 27001 series.
- Good understanding of compliance management and ISO accreditation proceedings and mandates.
- Strong EMA professional services business process knowledge in the region.
- Experience using communication tools such as Microsoft Office, which are utilized extensively in the region when working as part of a virtual team.
- Maturity in personal skills and in the practical application of ERP methodologies.
- Pragmatic attitude and flexible to changing priorities and demands.
- Strong interpersonal, verbal, written, analytical, problem-solving, and conceptual skills.
- ITIL foundation certified (other qualifications such as CISM, CISA, if not already achieved, are to be actively progressed as part of a continuous career development plan).
We believe that progress can only truly be progress if it benefits both the individual and society as a whole. Therefore, we combine the newest technologies with what we have accomplished in the century we have existed: a foundation of knowledge, expertise and independent thinking.
Open, creative and venturous
We offer a stimulating mix of entrepreneurship, creativity and team spirit. You can be yourself, you feel validated and appreciated and you know that you can make a difference if you want to.
The ultimate environment for personal growth
Here at KPMG, you will be given plenty of responsibility from the start, combined with the freedom to develop yourself, both personally and professionally. We are not only offering you a job: we are offering you a career.
Additionally, we offer you:
- A competitive salary
- 30 holiday days
- Freedom of choice in (most of) your work
- A laptop and iPhone which can also be used privately
- A non-contributory pension plan
- A lease car
- Discounts on insurance and tax benefits for a gym membership
- Lots of activities involving fellow KPMG colleagues, such as Friday afternoon drinks.
More information and how to apply
Please apply via the button below. For questions, please contact the dedicated Recruitment Advisor, Maud van Turnhout at email@example.com.