I'm looking for

The Team

The Financial Services Technology Risk Consulting team is focused on providing consultancy, advice and assurance on our clients' technology risks and controls. The market is evolving at pace and innovating, whilst embracing the digital age. We are building out our team to advise clients on emerging and legacy technology risks and controls. We are focused on project and programme risk, operational and technology resilience, technology risk and control, impact of regulatory change on data and technology and third party risk management. All underpinned by analytics. We deliver our work through consulting projects, focused on risk and control assurance, as well as projects with 2nd and 3rd lines of defence.
The Role

• Building global relationships and actively seeking out the global networks best experts to address client needs
• Communicating compelling and well thought out solutions to complex problems
• Building constructive working relationships across different teams, functions, countries or cultures
• Work with Partners and Directors in delivering risk services to the Financial Services sector with particular focus on Third Party Risk Management
• Oversight of delivery of Third Party Risk Management consulting projects - including reviews of maturity, process, governance and operating model. Advice on automation and tooling, conulting advice on regulatory requirements and expectations on Third Party Risk Management. Oversee and deliver end to end supplier assurance projects and Third Party Risk Management transformation projects
• Assume ownership of key client relationships, identify revenue-generating opportunities and get involved in business development activities.
• Build and develop relationships with key market contacts
• Develop industry and technical expertise and be positioned as an Third Party Risk Management SME for the Financial Services sector
• Identify, anticipate and recommend the need for and make changes to third party risk management methodologies and related services in response to changing risk profiles and regulatory expectations
• Build relationships with other departments to further develop and mature KPMG's Third Party Risk Management offering
• Understand the Financial Services industry - key performance drivers, emerging technical and industry developments
The Person

• Recognises the importance of continuous self and team development and actively strives to achieve this.
• Helps others to understand how their work contributes to the overall success of an engagement and the wider firm
• Fosters a sense of self belief and confidence in others
• Seeks to understand others motivations
• Supports others to make brave decisions
Qualifications and Skills
• Proven experience of successfully managing and delivering risk and controls assessments.
• Proven experience of implementing Third Party Risk Management frameworks in large Financial Services organisations
• Thorough understanding of Third Party Risk Management and experience of developing Third Party Risk Management programs for Financial Services organisations
• Extensive knowledge and insight of regulatory requirements and expectations on Third Party Risk Management and wider risks
• Extensive knowledge of related regulations
• Degree/masters qualification in IT
Experience and Background
• Experience of building Third Party Risk Management programs in the Financial Services sector from the ground-up
• Experience of the end to end procurement lifecycle
• Extensive experience of working with UK regulators to provide knowledge and insights on regulatory thinking on third party risk management
• Experience of reviewing Third Party Risk Management for banks and/or insurers and providing gap assessments and remediation plans
• Experience of managing business and IT stakeholders from across the business and all levels of seniority, including CIO, CFO and CISO
• Ability to identify and assess IT risks and controls, to relate them to the wider business environment and to express opinions clearly to all levels
• Strong understanding of Financial Services sector
• A good understanding of technology platforms
• Strong leadership skills both on engagements and in an office environment
• Ability to play an active role in the business development process
• Ability to present on specific subjects to a large group of people
• Strong analytical skills and ability to adapt to changing circumstances
• Demonstrate professional scepticism - proven track record of constructively challenging clients to drive best results
• An aptitude for embracing and adapting to new technology
• Ability to spot opportunities to add value to clients and work with colleagues in other lines of service to help clients
• Ability to work flexibly in terms of working hours to accommodate tight timelines and manage well under pressure

The Role
Do you want to “hack the gibson?” Do you enjoy playing a “nice game of chess”? If we said “hack the planet” would you be able to tell us the film? At KPMG we are looking for a Senior Manager who lives and breathes hacking and information security. You will have earned your stripes doing CHECK work in data centres and be ready to, or already skilled in leading teams of talented testers.
In return we will provide some of the UK’s most unique government and commercial engagements for you to cut your teeth on and a friendly, passionate team to develop and grow.
The KPMG’s Cyber Defence (CDS) Team conducts client facing technical assurance and penetration testing and has a long and successful history in KPMG. Our clients are diverse, and we cover many sectors with specialisms in Financial Services, High-end Defence Assurance and Telecommunications. We work closely with the NCSC developing new schemes such as Cross Domain Solutions Testing (https://www.ncsc.gov.uk/blog-post/ncsc-cross-domain-industry-pilot-stage-2) and are members of all current NCSC and CREST testing schemes - as a result we conduct interesting and challenging work that isn’t on offer elsewhere.
Our team is made up of skilled individuals at different stages in their careers, centred around three locations in Leeds, Bristol and London, therefore we can offer flexibility in base location, as well as embracing remote working and team management.
Responsibilities
As this is a senior role, we want your business brain as well as your technical hacking skills. You will have ideas of how to drive the business forward and be skilled in the commercial aspects of security testing, above all you will know what clients are looking for when they buy security testing and how to deliver it.
Aspects of the role include:
• Management and delivery of penetration testing services to clients to include the following:
o Scoping
o Financial and risk management
o Delivery of testing and the oversight of testers
o Review of deliverables (QA)
• Coaching and developing team members through sharing of experience and knowledge.
• Performance management of junior staff.
• Continuous development of self and team, including managing client feedback.
• Monitoring quality of service and products to clients and carrying out improvement or development as necessary.
• Actively identifying and progressing business development opportunities, as well as managing sales activities such as proposal writing and assisting with client presentations and debriefs.
• Developing constructive client relationships, both inside and outside of KPMG.
• Developing an understanding of KPMG’s broader offerings to enable identification of business opportunities
Experience and Background

Required:
• Passion for Hacking!
• Clear and demonstrable understanding of red-teaming/penetration testing, including NCSC and CREST accredited schemes such as xBEST, STAR/STAR-FS, CHECK.
• Proven experience of successfully managing and delivering testing engagements on time and to budget.
• Proven experience working within the UK cyber security industry
• Demonstrable understanding and practical application of information security principles
• Strong technical background in computing, networks, and programming.
• Proven experience of producing high quality deliverables working alone and as part of a team.
• Excellent communication skills (written and verbal)
• Experience leading, coaching and mentoring highly technical teams
• A genuine interest and desire to work with large multi-national clients in the information security field.
Advantageous:
• Knowledge of NCSC CTAS and CPA Assurance Schemes
• Knowledge of working in secure environments (List X facilities) and accredited labs (ISO17025)
• Research and Development experience
• Threat Intelligence experience
• Standing and positive reputation in the information security community is seen as a plus.
Qualifications and Skills

Qualifications are a good way to demonstrate knowledge but are not the be all and end all, our team is made up of many individuals with diverse backgrounds who all share the “hacker mindset”.
If you have the experience, then we want you to apply. Didn’t do a degree in information security? A-Levels weren’t as good as you hoped. Haven’t attended every SANS course going, we don’t mind!
For this role we only have two formal requirements.
• CREST CCSAS qualification or be working towards CCSAS and ready to sit soon.
• UK Government Security Clearance – the ability to apply for and hold SC is required, DV is advantageous.
Above all, KPMG is looking for someone who is passionate about helping our clients (including the UK Government) with their cyber security challenges. In return, we are committed to helping you enjoy the role and develop your skills and career within the KPMG network.

The Team

KPMG is acknowledged by Forrester as a leader in providing cyber security consultancy. We are investing in building our Financial Services Cyber team to meet growing demand and provide a comprehensive range of services to many of the largest financial services companies. We help our clients protect, detect and respond to high end cyber threats; helping them understand the cyber threat landscape, make sensible decisions on investment priorities, and build the specialist capabilities they need to counter financial crime and other threats. We believe that cyber security is about helping our clients to harness business opportunities safely and securely. For us, cyber security isn't just a technical issue, it is one which engages the whole business and focusses on a holistic approach to understanding and mitigating the risk.

The team is an integral part of our rapidly growing UK Cyber practice. Our team works closely with KPMG’s broader advisory practice to link cyber security to financial crime and risk management, operational resilience and IT transformation
We are keen to recruit talented people who have the energy and drive to succeed in a dynamic and challenging environment and who have a passion for delivering excellent service and building strong relationships.
The team works in an agile and flexible manner, with plenty of opportunities to develop new skills and gain new knowledge. We are keen to support and develop our people to enable them to be the best they can be.
We believe we are market leaders in promoting diversity and inclusion in the workplace and want to encourage applications from people of all backgrounds and cultures.

Take a look at our website with the link below to see “What Makes Us Different”
http://www.kpmg.com/UK/en/about/WhatMakesUsDifferent/Diversity/Pages/default.aspx

The Role

You will be a Senior Manager within the Financial Services Cyber team helping both grow our business and ensure our teams deliver high quality advice to clients. You should expect to be involved in a wide range of challenging engagements, ranging from major executive level cyber exercises and threat reviews, through optimisation of client security controls and cyber security programmes, to providing specialist support on issues such as cyber strategy, third party risk etc.
Our clients are under increasing regulatory scrutiny, continually battling a rapidly changing cybercrime threat while harnessing the opportunities offered by digital services.
As a Senior Manager, we expect you to understand the business issues and to be able to translate complex cyber security issues into straightforward, credible, jargon free advice to our clients; and delivering the support they require.
If you are able to help our clients seize the opportunity offered by the digital world, securely, then you are the type of person we are looking for.

Responsibilities

Management and delivery of challenging, complex client engagements to ensure quality and value to our clients by:
• Understanding their business challenges and the threats they face
• Helping them navigate the increasingly complex cyber security regulatory environment
• Advising on cyber security governance, frameworks and operating models
• Helping them optimise their approach to cyber security controls and risk management
• Getting the balance right between protection, detection, reaction and response to cyber attack
• Linking cyber security to other consultancy offerings on risk management, resilience and IT transformation to provide holistic support to our clients
• Coaching and developing team members through sharing of experience and knowledge, as well as managing the performance and development of other team members
• Upholding KPMG’s values by acting with integrity
• Building and managing multiple client relationships
• Project managing engagements to deliver high quality work in a timely manner to include: scoping / financial management (budgeting) / engagement and risk management / production and review of deliverables.
• Fee generation through actively identifying and progressing business development opportunities, as well as managing sales activities such as proposal development and client presentations.
• Contributing to practice management, e.g. knowledge sharing, training, proposition development, and knowledge management.
Experience
We expect that you will have:
• Proven track record in cyber security environment within professional services or an in-house information security function, preferably in Financial Services.
• Track record within the financial services showing understanding of the business, threat and regulatory issues faced by clients.
• Proven experience of delivering one or more of the following areas: strategy, transformation, governance, cyber resilience, identity and access management.
• Proven experience of successfully managing complex cyber security services in a commercial environment, ensuring the delivery of high quality work on time and to budget.
• Proven ability to lead work at sustained levels of high intensity, and inspire drive and resilience in others.
• Proven ability to analyse problems, identify core issues and recommend appropriate solutions
• Proven ability in taking appropriate action after monitoring/reviewing the progress and performance of others.
• Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
• Excellent communication skills (both written and oral), negotiation and project management skills
• Ability to develop excellent relationships both internally and with clients at a senior level.
• A genuine interest and desire to work in the cyber security field.
• Knowledge of a broad range of cyber security topics e.g. governance, identity and access management, supply chain risks, security operations, incident management etc.
• A good understanding of technology platforms.

Qualifications
• Degree level qualified preferred
• Recognised cyber security qualifications (e.g. CISSP, CISM, M.Inst ISP, etc.), or comparable experience

Additional Information
The role can be based in anyone of our major offices in the UK (Manchester, London, Leeds, Edinburgh or Glasgow) and will include travel; candidates must have a willingness to travel frequently, both domestically and internationally on occasions, with the potential to be away from home for set periods of time.

The Team

Within the FS Technology Risk team, our work involves providing advisory, assurance and IT Internal Audit services to clients on their IT systems and processes. Our focus is on IT risk management, IT controls testing, IT project assurance, GRC, Emerging Tech and the Technology and Data aspects of regulation. This work is delivered through stand-alone assignments, large scale consulting projects and as part of internal audit engagements.

The Role

Responsibilities:

• Managing delivery of IT Internal Audit services in the Financial Services Sector.
• Taking responsibility for the overall output from client engagements including scoping, financial management, risk management, managing delivery risk, production, quality and review of deliverables.
• Building and maintaining excellent relationships across a range of clients and prospects including senior leadership.
• Actively identifying and progressing business development opportunities and supporting the team with sales activities such as proposal writing and assisting with client presentations.
• Participating in service line development, reporting to the service line leader on progress of development, sales and delivery.
• Developing internal networks and maintaining excellent relationships with colleagues across KPMG, in particular in the wider IT Advisory practice.
• Coaching, mentoring and developing team members, both on and off engagements (e.g. setting goals and appraising performance), and contributing to practice management (e.g. training and knowledge sharing).

The Person

Experience and Background :

• Proven experience of successfully delivering IT internal audits to, or within, medium to large multi-national clients with complex IT environments and applications.
• Experience in identifying and assessing complex IT risks and controls, to relate them to the wider business environment and to express opinions clearly.
• Strong project management skills including being able to manage multiple assignments simultaneously, to manage teams effectively, and to deliver projects on time and to budget.
• Able to add value to assignments through an analytical approach to work, and adept at challenging existing processes to identify and implement smarter ways of working.
• Able to develop excellent client and internal relationships at all levels of seniority.
• Proficient at creating and delivering captivating presentations to audiences comprising groups of clients, prospects and/or internal staff.
• Excellent team player as well as able to deliver engagements independently
• Experience of auditing application controls for a range of business processes within a Financial Services environment, cyber audits, infrastructure testing, data management and experience in auditing emerging technologies such as AI & Machine Learning, cloud.
• Professional services experience (big 4 or similar FS IT Internal Audit industry experience).
Degree qualification.
• CISA or equivalent auditing qualification preferred

The Team

Within the FS Technology Risk team, our work involves providing advisory, assurance and IT Internal Audit services to clients on their IT systems and processes. Our focus is on IT risk management, IT controls testing, IT project assurance, GRC, Emerging Tech and the Technology and Data aspects of regulation. This work is delivered through stand-alone assignments, large scale consulting projects and as part of internal audit engagements.

The Role

Responsibilities:

• Managing delivery of IT Internal Audit services in the Financial Services Sector.
• Taking responsibility for the overall output from client engagements including scoping, financial management, risk management, managing delivery risk, production, quality and review of deliverables.
• Building and maintaining excellent relationships across a range of clients and prospects including senior leadership.
• Actively identifying and progressing business development opportunities and supporting the team with sales activities such as proposal writing and assisting with client presentations.
• Participating in service line development, reporting to the service line leader on progress of development, sales and delivery.
• Developing internal networks and maintaining excellent relationships with colleagues across KPMG, in particular in the wider IT Advisory practice.
• Coaching, mentoring and developing team members, both on and off engagements (e.g. setting goals and appraising performance), and contributing to practice management (e.g. training and knowledge sharing).

The Person

Experience and Background :

• Proven experience of successfully delivering IT internal audits to, or within, medium to large multi-national clients with complex IT environments and applications.
• Experience in identifying and assessing complex IT risks and controls, to relate them to the wider business environment and to express opinions clearly.
• Strong project management skills including being able to manage multiple assignments simultaneously, to manage teams effectively, and to deliver projects on time and to budget.
• Able to add value to assignments through an analytical approach to work, and adept at challenging existing processes to identify and implement smarter ways of working.
• Able to develop excellent client and internal relationships at all levels of seniority.
• Proficient at creating and delivering captivating presentations to audiences comprising groups of clients, prospects and/or internal staff.
• Excellent team player as well as able to deliver engagements independently
• Experience of auditing application controls for a range of business processes within a Financial Services environment, cyber audits, infrastructure testing, data management and experience in auditing emerging technologies such as AI & Machine Learning, cloud.
• Professional services experience (big 4 or similar FS IT Internal Audit industry experience).
Degree qualification.
• CISA or equivalent auditing qualification preferred