KPMG’s Risk & Regulatory Advisory (R&RA) practice is a strategic growth area for the firm. Part of Enterprise Risk Services offering, it provides client services over a broad range of financial and non-financial risk domains. Within the practice we have seen increasing demand for controls related services, ranging from controls transformation, operating model design to testing. We have a team of controls SMEs who deliver added value to clients through a structured approach to framework build, process and control accelerators, operating model design, automation using AI and to testing solutions. Our dedicated controls team work closely with other teams through our Connected Consulting business, including colleagues in Technology Risk,  Functional Transformation, and People and Change to ensure our clients receive the best possible advice. 

We have an opportunity for a Director based in the Financial Services team in London

We have a significant growth plan in our FS team over the next three years and in order to support this we are looking to recruit motivated individuals with a commercial edge who are seeking a real challenge, at Director level across our Indirect Tax business, to build on our successes to date and help us achieve our growth targets... 

Job Title/Req Number: Tech Risk Assistant Manager - SAP Controls (106701)

Base Location: London or Birmingham, plus network of 20 offices nationally: KPMG Office Locations

The KPMG Technology Risk Consulting function is a cornerstone of our business. Operating from London and Birmingham, we do work that matters, serving the country with diligence and expertise.

KPMG is one of the world's largest and most respected consultancies. We've supported the UK through times of war and peace, prosperity and recession, political and regulatory upheaval. We've proudly stood beside the institutions and businesses which make the UK what it is.

By encompassing a wide range of disciplines across a breadth of areas such as Customer Experience and Digital, Strategy, Forensic, Risk and Regulatory, People and Talent, and Operational and Financial Transformation, we become immersed in our clients' organisations, applying sector knowledge and technology solutions to deliver the best possible outcomes and get it right first time.

Why Join KPMG as a Tech Risk Assistant Manager - SAP Controls? Technology Risk Consulting (TRC) is a fast growing department that currently consists of about 200+ professionals across different sectors of which roughly half are based in our Canary Wharf office in Canada Square in London. We have a mix of Sector, FS and IGH clients like BP, Booking.com, HSBC, LSEG, HMRC and NHS. Our engagements often take place in an international context which requires us to provide services across the globe, often in close cooperation with other KPMG offices.

Our services are of both an assurance and transformation in nature and include:

• General IT and ERP controls, design and implementation of GRC operating models and solutions, IT Security and Risk Management, control automation, design and implementation of SOX 404 control framework, design and implementation of controls for S/4 HANA programmes and Independent Project Assurance.

Within this team a key objective is to grow our capability and size of our SAP offerings into the market, as part of a wider strategic plan to grow our ERP & Business Systems team. The services we provide include External and Internal Assurance, Controls Transformation, Process Optimisation and GRC implementations. This work is delivered through stand-alone assignments, or as part of internal audit engagements.

Typical activities include:

• Responsibility for quality, value add and timely delivery of the overall output from client engagements.
• Scoping, financial management, managing delivery risk, production and review of deliverables.
• Building and managing excellent client relationships.
• Actively identifying and progressing business development opportunities, as well as managing sales activities such as proposal writing and assisting with client presentations.
• Coaching and developing team members on engagements.

Roles & Responsibilities:

• Provide consulting and advisory services to clients that operate SAP systems including SAP GRC Access Controls and Process Controls.
• Help clients enhance their SAP controls capability and increase control automation.
• Work stream lead / SME on SAP / GRC control and/or Data Analytics engagements.
• Building and managing excellent client relationships across a range of clients.
• Developing internal networks and maintaining excellent relationships with colleagues across KPMG, but in particular in the wider Advisory areas.
• Contributing to practice management, e.g. innovation, training, knowledge management.
• A good understanding of SAP and SAP GRC technology platforms.
• Ability to identify and assess complex SAP risks and controls, to relate them to the wider business environment and to express opinions clearly t

Do you want to “hack the gibson?” Do you enjoy playing a “nice game of chess”? If we said “hack the planet” would you be able to tell us the film? At KPMG we are looking for a Senior Manager who lives and breathes hacking and information security. You will have earned your stripes doing CHECK work in data centres and be ready to, or already skilled in leading teams of talented testers.

In return we will provide some of the UK’s most unique government and commercial engagements for you to cut your teeth on and a friendly, passionate team to develop and grow.

The KPMG’s Cyber Defence (CDS) Team conducts client facing technical assurance and penetration testing and has a long and successful history in KPMG. Our clients are diverse and we cover many sectors with particular specialisms in Financial Services, High-end Defence Assurance and Telecommunications. We work closely with the NCSC developing new schemes such as Cross Domain Solutions Testing (https://www.ncsc.gov.uk/blog-post/ncsc-cross-domain-industry-pilot-stage-2) and are members of all current NCSC and CREST testing schemes - as a result we conduct interesting and challenging work that isn’t on offer elsewhere

Cyber Threat Intelligence (CTI) Manager

Role Summary
The KPMG Cyber Response and Recovery Services (CRS) and Cyber Defence Services (CDS) teams are growing, and a requirement has been identified for a Cyber Threat Intelligence (CTI) Manager to lead our growing CTI team. The CTI manager role will report directly to the capability lead for Cyber Response and Recovery and work closely with the capability leads for both CRS and CDS. Cyber security is one of the areas which KPMG has identified for tremendous investment and growth. Our clients face a challenging cyber threat and look to us to help them understand and respond to that threat.

This is a hands-on role where you will lead development of CTI service lines and pursue new business opportunities and increase revenue growth.  You will lead the CTI Cell and establish KPMG’s position as a thought leader across cyber forums, delivering impactful reporting on leading CTI provider building on our trusted relationships to deliver a range of CTI services to clients across all coverage areas. You will be responsible for business development, and leading high quality and impactful CTI services to internal and external clients. You will manage a high-performing team working closely across CDS and CRS with opportunities to grow into service line leadership. The successful candidate is expected to oversee management of the full cyber threat intelligence lifecycle, contributing to a broad range of cyber-security incident cases and oversee the management of the CTI team.

In this role we are looking for a person who can demonstrate a strong pedigree in cyber threat intelligence. You will be expected to work alongside a number of incident response case managers, penetration testers and DFIR practitioners, as well as have the opportunity to work with, and learn from, the service leadership as part of your continuous development.

When not responding to incidents, you may be helping our clients to build their in-house CTI capabilities, which could include: building and developing CTI tools, authoring and adapting runbooks/playbooks and threat hunts, assessing the CTI maturity and assisting in table-top cyber-scenario exercises. When not engaged in client work, you will be helping to develop our own delivery capability, including operational efficiency, standard operating procedures, team learning and development, tooling and platforms, lab development and orchestration.