Attestation Manager
Location: Birmingham, Bristol & Other locations
Capability: International
Job details
Location: Birmingham, Bristol, Cambridge, Gatwick, Leeds, Liverpool, London, Manchester, Reading, Watford
Capability: International
Experience Level: Manager
Type: Full Time
Service Line: International
Contract type: Permanent
Job description
About KPMG International
Together with more than 276,000 colleagues in 138 countries throughout our member firms, people at KPMG imagine big ideas and bring solutions to life for clients both big and small. A role with KPMG International will open a world of opportunity in your career.
KPMG International helps set the strategy and protects the reputation of this global organization of independent professional services firms providing Audit, Tax and Advisory services. We deliver value to our member firms and drive positive change in the communities we serve. By joining us you will gain a unique understanding of how a global organization operates and work on projects that impact the whole organization. From setting standards and best practices to developing innovative tech-enabled solutions for clients, you'll be part of a global team changing the way our business operates. We look forward to welcoming you to our team.
About this Global Group
The core services provided by Global Technology & Knowledge are more crucial than ever to our future, as we enable KPMG’s digital transformation, provide trusted technology services, ensure security across the network and accelerate our Collective Strategy.
Our ways of working are based on the principles of customer-centricity, communities of expertise, an optimized delivery model, flexibility, a culture of empowerment, and fulfilling careers.
We are organized under five new ‘domains’: Technology Portfolio Delivery, Global Enterprise Technology, Technology Strategy & Blueprint, Global Information Security Group and Business Operations.
This is an exciting time for us as we continue to drive technology excellence at the heart of Collective Strategy v3.0, and our GT&K colleagues all play a pivotal role in making this a success.
GT&K consists of multicultural global teams with strong information protection (security and privacy) experience.
About this team
Technology Assurance Management services focus on management of certification, attestation and independent testing audits of global technology systems and services on the cloud, and alignment of efforts and efficiencies. Efficient and effective information protection audits provide required assurance for and permission to operate key KPMG technology solutions supporting client service delivery.
Role summary
- Plan for and coordinate multiple Service and Organizations Controls (SOC) 2 readiness assessment and examination streams for several business and technology areas, coordinate auditor and key stakeholder meetings, gather requested evidence, track and report on progress and provide updates to stakeholders
- Work closely with technology and business stakeholders to clarify compliance requirements and drive implementation of process improvements, provide leading practice and current guidance to control owners, assist in ensuring that controls are appropriately designed and effective and formally documented following global policies
- Prepare executive management reporting on SOC2 efforts status, support the management of project risks
- Identify methods to leverage testing for several certification, internal audit and attestation purposes and efficiently coordinate relevant activities
- Oversee activities to ensure that audits are planned in advance, considering scope overlaps, stakeholder outreach and resource limitations, and managed according to procedures. Develop and implement PMO processes.
- Identify trends and propose robust solutions for challenges. Identify themes in information protection audit observations and suggest solutions to address them efficiently, based on industry experience, leading practices and global technology group context.
- Collaborate with other KPMGI / GT&K teams, advising on a suitable approach for auditable information protection practices and audit success, while ensuring minimum burden on business-as-usual activities.
Key Accountabilities
- Plan for and coordinate Service and Organizations Controls (SOC) 2 readiness assessment and examination streams for in-scope business and technology areas. Includes coordination of auditor and key stakeholder meetings, gathering requested evidence, tracking and reporting on progress and providing updates to stakeholders
- Prepare executive management reporting on SOC2 efforts status, support the management of project risks
- Identify methods to leverage testing for several certification, internal audit and attestation purposes and efficiently coordinate relevant activities
- Develop and implement PMO processes for audit management
- Identify trends and propose robust solutions for challenges. Identify themes in information protection audit observations and suggest solutions to address them efficiently, based on industry experience, leading practices and global technology group context.
- Collaborate with other KPMGI / GT&K teams, advising on a suitable approach for auditable information protection practices and audit success, while ensuring minimum burden on business-as-usual activities.
Experience / Knowledge / Qualifications:
- Proven experience in information protection, including leading and / or managing information protection controls assessments, such as those based on ISO27001, ISO27017 and SSAE18 / System and Organization Control 2 / SOC2 for cloud platforms (internal and / or external assessments).
- Program and project management skills and experience. Proven track record of leading multiple projects or programs, through the management of teams of cross-discipline specialists. Ability to multi-task, adapt strategy based on competing priorities and work independently within a global team. High quality results delivery with attention to detail.
- Experience of senior stakeholder management (including ability to efficiently articulate challenges), ability to apply forward thinking mindset, develop service strategy and understand business impact.
- Information security auditing experience and certifications a big plus, such as CISA or Certified ISO 27001 Lead Auditor.
- Strong cloud information protection audit experience that includes scoping, planning, performing, managing, reporting and remediation monitoring activities.
- Possess excellent business writing, reporting, presentation and communication skills in English.
- Strong SOC2 and IT operations knowledge. ISO27001 and ISO27017 standards and cloud security knowledge a big plus.
- Ability to manage but also be hands-on when required.
- Excellent communication and presentation skills, including executive reporting skills
- Information security certifications would be a big plus, such as CISA or Certified ISO 27001 Lead Auditor.
Agile/Flexible Working
At KPMG International, we are supportive of helping you to achieve a balance between your home and work demands. We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest. Please ask to find out more.
KPMG International's commitment to inclusion & diversity
At KPMG International, we recognise that we need inclusion and diversity to be successful. We want to attract, retain and develop diverse talent at all levels. This means recruiting from the widest pool of talent across our network and beyond, removing barriers that can prevent our people from reaching their full potential, and fostering a fully inclusive environment which empowers everyone to bring their whole selves to work.
Applying with a disability
KPMG International is proud to be an inclusive place to work and we are committed to ensuring that you are treated fairly throughout our recruitment process. Should you be successful after the initial application stage, please discuss any reasonable adjustments that you may require with your recruitment contact.