Global Digital Risk Policy Senior Manager

Job details

Location: Birmingham, Cardiff, Edinburgh, Gatwick, London, Manchester, Reading, Watford

Capability: International

Experience Level: Senior Manager

Type: Full Time

Service Line: International

Contract type: Secondment

Job description

About KPMG International

Together with more than 273,000 colleagues in 143 countries throughout our member firms, people at KPMG imagine big ideas and bring solutions to life for clients both big and small. A role with KPMG International will open a world of opportunity in your career.

KPMG International helps set the strategy and protects the reputation of this global organization of independent professional services firms providing Audit, Tax and Advisory services. We deliver value to our member firms and drive positive change in the communities we serve. By joining us you will gain a unique understanding of how a global organization operates and work on projects that impact the whole organization. From setting standards and best practices to developing innovative tech-enabled solutions for clients, you'll be part of a global team changing the way our business operates. We look forward to welcoming you to our team.

 

About this Global Group
Global Quality & Risk Management (GQ&RM) helps protect the KPMG brand and reputation by dealing with live issues and learning quickly from challenges across the network. GQ&RM develops globally consistent quality and risk management policies to enable the business to make smart, agile decisions, and we monitor compliance and the quality of delivery across all three functions. GQ&RM is comprised of a number of high-performing teams, including: Advisory Risk, Audit Risk, Tax & Legal Risk, Digital Risk, Risk Assessment, Monitoring and Reporting, Policy, Independence, Ethics, Business Operations, Transformation and Operations. Working together, our global team is delivering value to our member firms and functions and driving our ambition to become the most trusted and trustworthy professional services firm.

 

About this Team

The Global Digital Risk Team (GDR) is responsible for the development, maintenance, and assurance of the Firm's critical global information protection policies and controls. As the 2nd Line of Responsibility (2 LOR), GDR also conducts Governance, Assessment and Monitoring to produce insights into known and emerging Digital Risks and to provide an enterprise-wide view of risks across the Network. This ensures KPMG consistently and effectively identifies, manages and mitigates Digital Risks across our organization.
 

The GDR Policy team is responsible for developing, communicating and maintaining policies and related materials addressing information risk, security and privacy in KPMG.
 

KPMG's policies are designed to meet the firm's business requirements and expectations of external parties and clients. These materials define the minimum baselines for those areas for all KPMG organizations.

Role summary

The Policy Lead is responsible for developing and maintaining Global Information Security Policies and Security Standards, which define the minimum security baseline for all KPMG entities. The role requires a blend of policy expertise, technical skills, and the management skills to drive policy development and enhancements, ensuring that our security baseline meets the firm's business requirements and the expectations of external parties, regulators and clients, and is aligned to industry frameworks.


The Policy Lead reports to and supports the GDR Senior Leadership Team.

 

Key Accountabilities
 

Policy Management

  • Act as the GDR Policy Lead subject matter expert (SME) to develop and update KPMG Global Digital Risk Policies and guidance materials, ensuring alignment to industry standards such as ISO and NIST.
  • Act as one of GDR’s AI Delegates, representing GDR on the Global AI Trusted Design Authority Working Group and the GQ&RM AI Taskforce and providing policy advice on the adoption of AI at KPMG.
  • Manage resources who support Policy Portal Maintenance and the Policy Exceptions Process.
  • Provide oversight of the existing Policy Exceptions Process and work with other stakeholder groups to ensure the process is fit for purpose and exceptions are reviewed and decided on in a timely manner and in line with Policy.

Policy Governance

  • Lead the GDR Information Protection Policy Working Group (IPPWG), which is a formal policy governance body made up of KPMG International and Member Firm stakeholders that facilitates the review, updating and voting on Policy materials.
  • Coordinate further ratification and communication of new or updated materials to other formal policy governance bodies, such as the Policy Development Working Group and the Global Quality and Risk Management Steering Group.
  • Working with the central policy team, prepare the pre-read materials and subsequent communication (Special Alert) to communicate updates to GDR policies to the network of member firms.

 

Compliance and Attestations

  • Support the GDR Senior Leadership Team in regular tasks related to compliance, attestations and certification audits (specifically ISO27K, SOC2, SoQM, IPCR) and Global client requests related to our policy materials.
  • Support KPMG’s Cyber Insurance submission, responding to Cyber Insurance questionnaires and providing Policy and Governance advice and documentation.

 

Stakeholder Management

  • IPPWG – Maintain one-to-one calls with IPPWG members to discuss feedback, input and questions.
  • Representing GDR –
      • Represent GDR on Security Standards working groups and review Standards for compliance with GDR Information Protection Policies.
      • Respond and contribute to AI policy requirements from an information security perspective and as directed by AI governance bodies.

 

Supporting GDR

  • Provide advice and support to other KPMGI Functions, Business Lines and KPMG’s Network of Member Firms on a wide range of information protection strategic and operational priorities, including those related to artificial intelligence (AI).

 

Experience / Knowledge / Qualification

  • Proven experience in policy writing, development, management and/or compliance in one or more of the following areas: information security, information protection, risk management, artificial intelligence.
  • Demonstrated critical and analytical skills, with the ability to research, interpret and translate technical information into well-written policy materials.
  • Strong understanding of Cyber risks, threats, security principles and best practices. Prior experience in the analysis of emerging digital risks, including those related to artificial intelligence, is highly desired.
  • In-depth knowledge of security industry frameworks including ISO 27001 suite of standards, NIST 800-53 and related NIST standards, Cloud Control Matrix (CSA), COBIT.
  • Proven experience in supporting attestations, certifications and related audits: e.g. ISO 27001, SOC2, SoQM.
  • Excellent and proven writing skills, with the ability to formulate policy clauses, policy documents and communications of policy requirements to the KPMG network.
  • Excellent moderation, negotiation and communication skills.
  • Bachelor’s degree in an appropriate subject from an accredited college or university or equivalent work experience.
  • Professional qualifications (e.g. CISSP, CISM or CRISC) are desirable but not essential.

 

Agile/Flexible Working

At KPMG International, we are supportive of helping you to achieve a balance between your home and work demands. We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest. Please ask to find out more.

 

KPMG International's commitment to inclusion & diversity

At KPMG International, we recognise that we need inclusion and diversity to be successful. We want to attract, retain and develop diverse talent at all levels. This means recruiting from the widest pool of talent across our network and beyond, removing barriers that can prevent our people from reaching their full potential, and fostering a fully inclusive environment which empowers everyone to bring their whole selves to work.

 

Applying with a disability

KPMG International is proud to be an inclusive place to work and we are committed to ensuring that you are treated fairly throughout our recruitment process. Should you be successful after the initial application stage, please discuss any reasonable adjustments that you may require with your recruitment contact.
