Global CSIRT Lead
Job details
Location: Aberdeen, Birmingham, Bristol, Cambridge, Cardiff, Edinburgh, Gatwick, Gibraltar, Glasgow, Leeds, Liverpool, London, Manchester, Milton Keynes, Newcastle upon Tyne, Norwich, Nottingham, Plymouth, Reading, South Coast - Southampton, Watford
Capability: International
Experience Level: Director
Type: Full Time
Service Line: International
Contract type: Permanent
Job description
About KPMG International
Together with more than 273,000 colleagues in 143 countries throughout our member firms, people at KPMG imagine big ideas and bring solutions to life for clients both big and small. A role with KPMG International will open a world of opportunity in your career.
KPMG International helps set the strategy and protects the reputation of this global organization of independent professional services firms providing Audit, Tax and Advisory services. We deliver value to our member firms and drive positive change in the communities we serve. By joining us you will gain a unique understanding of how a global organization operates and work on projects that impact the whole organization. From setting standards and best practices to developing innovative tech-enabled solutions for clients, you'll be part of a global team changing the way our business operates. We look forward to welcoming you to our team.
About this Global Group
Global Technology & Knowledge
The core services provided by Global Technology & Knowledge are more crucial than ever to our future, as we enable KPMG’s digital transformation, provide trusted technology services, ensure security across the network and accelerate our Collective Strategy.
Our ways of working are based on the principles of customer-centricity, communities of expertise, an optimized delivery model, flexibility, a culture of empowerment, and fulfilling careers.
We are organized under five new ‘domains’: Technology Portfolio Delivery, Global Enterprise Technology, Technology Strategy & Blueprint, Global Information Security Group and Business Operations.
This is an exciting time for us as we continue to drive technology excellence at the heart of Collective Strategy v3.0, and our GT&K colleagues all play a pivotal role in making this a success.
About this Team
Global Information Security Group (GISG) is one of five domains within KPMG’s Global Technology & Knowledge group. GISG provides the information protection and technology infrastructure that secures KPMG’s technology environment and connects its network of member firms. GISG works with the other GT&K domains to ensure that appropriate security controls are in place for KPMG technology solutions.
As part of the Global Information Security Group (GISG), the Information Security Services (ISS) team, which includes the Global Security Operations Center (GSOC), helps defend KPMG and its clients from cyber attacks through timely detection, investigation and remediation of potential threats.
Role summary
The Director – Global Cyber Security Incident Response Team (CSIRT) Lead holds a pivotal strategic role within KPMG’s Global Information Security Services (ISS) function. This role will set the strategic direction for CSIRT within Global, embedding AI into the core capabilities and leveraging its findings to drive enterprise-wide transformations across firms. This role must navigate complex regulatory requirements and manage high-risk, high-pressure decisions, including but not limited to providing recommendations to isolate a member firm from the network, in line with the crisis protocols.
This role presents an exciting opportunity to join a growing team and play a key part in building and shaping the future of the Cyber Security Incident Response Team (CSIRT) across the global organisation. Reporting directly to the Global Head of ISS, the Director will stand up the new global CSIRT capability by developing and leading the continuous improvement of the processes and technologies that support core CSIRT services. The role will be accountable for budget allocations and resource planning across multiple regions, leveraging 3rd party resources where required to support demand.
The ideal candidate will be a strategic thinker with the ability to design, implement, and oversee CSIRT operations. They will ensure KPMG maintains the capability to respond to and recover from cybersecurity threats on a 24/7 basis across its global network, managing cross-border leadership and informing Global leadership, IOGC, GCISO, GSIO and equivalents within member firms of key findings to support actions carried out that could lead to disciplinary consequences.
This role also involves staffing and leading a high-performing team dedicated to managing both cybersecurity and information handling incidents within KPMG, mentoring other leaders across the firms and driving talent strategy.
This role will be required to act as cyber commander (part of a roster) during a critical or major incident and to support cyber commanders when off roster.
Key Accountabilities
Digital Forensics & Incident Response (DFIR) Oversight & Information Handling incident oversight
- Oversee digital forensics investigations associated with cyber events across multiple jurisdictions, acting as a subject matter expert for GISG, Global Risk Management, Global Legal Counsel, Global Communications, Global Privacy Liaison and forensic SMEs from other firms involved in cyber security events; lead root cause analysis, act as an investigation SME, and lead a team supporting remediation, containment, eradication and recovery actions.
- Act as an SME to support advice to stakeholders (Risk Management, OGC, Global Comms, CISO) on halting business activities, isolating member firms in line with the Global Crisis protocols, and cyber threats impacting multiple firms.
- Direct accountability for Global Cyber Security response and forensics integrity, ensuring the lifecycle of a cyber incident is owned post identification – specifically, Containment, Eradication and liaising on Recovery phases for operations teams.
- Evolution of the service to support remediation, containment, eradication and recovery of threats to KPMG AI models or AI agents.
- Develop and execute the information security incident response capabilities across the global network; this will include information incidents as well.
- Ensure timely and effective response to cyber incidents and information incidents, including containment, investigation, recovery, and post-incident analysis.
- Maintain readiness for 24x7 incident response operations across the globe.
- Responsible for digital forensic coordination with retained teams when required.
- Lead the development, evolution and execution of incident response within KPMG International, and of the protocols required to support DFIR and information incidents across all firms from end to end, ensuring lessons learned are part of the overall feedback process.
- Act as a central co-ordination team across DFIR teams to use and leverage the right tools, techniques and processes for all member firms.
Strategic Leadership & Stakeholder Engagement
- Engagement across GCISO, Global Risk Management, Global OGC, Global Privacy Liaison, GCIO and member firms supporting teams to resolve multi firm incidents.
- Engagement across cyber advisory DFIR teams, ensuring the work carried out by either US, UK or 3rd party teams meets the calibre of work expected to support the advice provided to stakeholders.
- Lead the design, implementation and operational maturity of the Global Security Incident Response Framework (GSIRF), whilst being cognisant of regulatory environments of member firms to be supported.
- Transforming incident response capabilities into a proactive, AI-enabled function with automation and orchestration across a globally federated network of firms and business functions.
- Transforming incident response capabilities to manage DFIR within AI-enabled environments.
- Providing concise and accurate information to GCISO, Global Risk Management, Global OGC, Global Privacy Liaison, GCIO to support decision making to isolate a business function or isolate a member firm.
- Engage with senior stakeholders across Global, Global Functions, and member firms to align incident response capabilities with business priorities.
- Represent ISS in executive forums and ensure visibility of cyber risk posture and response readiness.
- Engage with external 3rd party teams and ensure protocols are followed in line with existing processes, evolving these processes where deemed appropriate.
Cross-Functional Integration & Alignment
- Lead collaboration efforts across member firm and business function DFIR teams to ensure evolution of the service is fit for purpose.
- Collaborate with teams across ISS functions, Global Enterprise Technology (GET), Global Functions, Regional Security Delivery (RSD) and Member Firms to ensure cohesive incident response strategies, and act as a feedback loop to services and member firms with regard to lessons learnt from incidents.
- Align CSIRT processes with enterprise risk management, legal, compliance, and business continuity functions.
- Drive integration of threat intelligence and vulnerability data into incident response workflows.
- Engagement with GISG teams and RSD to ensure that lessons learnt from incidents are captured and followed up on by the teams responsible.
- Provide input into the budget requirements to evolve the service to meet current and future challenges.
Innovation & Service Evolution
- Lead the innovation of this service to support the business and member firms across multiple clouds and AI cyber-based events.
- Lead the expansion of the service to provide DFIR service to multiple firms.
- Lead the innovation of this service to leverage services from UK and US forensics teams.
- Be a key driver of the evolution of ISS services by identifying emerging technologies, Security Monitoring & Response (SMR) control gaps and process improvements using automation and AI.
- Contribute to the innovation roadmap and pilot new solutions in collaboration with the Global Security Innovation Lead.
Team Leadership & Capability Development
- Lead and mentor a high-performing global team of incident responders and forensic analysts.
- Foster a culture of excellence, collaboration, and continuous learning.
- Develop and execute training and simulation programs to enhance team readiness.
Experience / Knowledge / Qualification
Leadership & Strategic Experience
- Proven experience, with a minimum of 7 years, leading and managing incident response teams, ideally within highly regulated industries such as professional services, finance, healthcare, or energy.
- Demonstrated success in building and operating information security response services or other managed security services in a high-volume, result-oriented operational environment.
- Strong leadership and team management skills, with the ability to inspire, develop, and motivate high-performing teams.
- Experience building and implementing effective cybersecurity strategies at scale.
Technical Expertise in Cybersecurity & Incident Response
- Deep understanding of security operations, threat intelligence, vulnerability management, and incident response.
- Strong knowledge of enterprise security tools and platforms (e.g. Security Information and Event Management (SIEM), Security orchestration, automation, and response (SOAR), Endpoint Detection and Response (EDR), vulnerability scanners).
- Proven ability to manage and respond to complex security incidents and data breaches.
- Strong troubleshooting and problem-solving skills, with the ability to remain calm and effective under pressure.
Risk, Governance & Regulatory Knowledge
- Strong understanding of cyber and data risk factors impacting information security.
- In-depth knowledge of cybersecurity regulations, standards, and best practices.
- High level of integrity and professionalism, with a commitment to ethical conduct and confidentiality.
Communication & Stakeholder Engagement
- Exceptional communication and interpersonal skills, with the ability to collaborate and effect change across diverse global stakeholders.
- Strong analytical skills with the ability to assess and mitigate risks and influence decision-making at senior levels.
Education & Certifications
- Bachelor’s, Master’s, or PhD in Computing, Information Security, or a related field (or equivalent professional experience).
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH) are highly desirable.
Agile/Flexible Working
At KPMG International, we are supportive of helping you to achieve a balance between your home and work demands. We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest. Please ask to find out more.
KPMG International's commitment to inclusion & diversity
At KPMG International, we recognise that we need inclusion and diversity to be successful. We want to attract, retain and develop diverse talent at all levels. This means recruiting from the widest pool of talent across our network and beyond, removing barriers that can prevent our people from reaching their full potential, and fostering a fully inclusive environment which empowers everyone to bring their whole selves to work.
Applying with a disability
KPMG International is proud to be an inclusive place to work and we are committed to ensuring that you are treated fairly throughout our recruitment process. Should you be successful after the initial application stage, please discuss any reasonable adjustments that you may require with your recruitment contact.