Search results for "IT Risk Management (IRM)"
IT Internal Audit Manager - Technology Risk -
Service Line: Connected Technology
IT Risk and Controls Assistant Manager - Financial Services
Service Line: Connected Technology
Director - Asset Management Advisory - IAG
Service Line: Corporate Finance
Manager - Audit Business Risk
Service Line: Audit
Vulnerability Management Lead
Service Line: Solutions & Digital
Banking Risk Consultant - Climate Risk - Manager
Service Line: FRM
Within the FS Technology Risk team, our work involves providing advisory, assurance and IT Internal Audit services to clients on their IT systems and processes. Our focus is on IT risk management, IT controls testing, IT project assurance, GRC, Emerging Tech and the Technology and Data aspects of regulation. This work is delivered through stand-alone assignments, large scale consulting projects and as part of internal audit engagements.
• Managing delivery of IT Internal Audit services in the Financial Services Sector.
• Taking responsibility for the overall output from client engagements including scoping, financial management, risk management, managing delivery risk, production, quality and review of deliverables.
• Building and maintaining excellent relationships across a range of clients and prospects including senior leadership.
• Actively identifying and progressing business development opportunities and supporting the team with sales activities such as proposal writing and assisting with client presentations.
• Participating in service line development, reporting to the service line leader on progress of development, sales and delivery.
• Developing internal networks and maintaining excellent relationships with colleagues across KPMG, in particular in the wider IT Advisory practice.
• Coaching, mentoring and developing team members, both on and off engagements (e.g. setting goals and appraising performance), and contributing to practice management (e.g. training and knowledge sharing).
Experience and Background:
• Proven experience of successfully delivering IT internal audits to, or within, medium to large multi-national clients with complex IT environments and applications.
• Experience in identifying and assessing complex IT risks and controls, to relate them to the wider business environment and to express opinions clearly.
• Experience of auditing automated application controls for a range of business processes within a Financial Services environment, cyber audits, infrastructure testing, data management and experience in auditing emerging technologies such as AI, Machine Learning and Cloud. Experience with Payments attestations would also be beneficial.
• Strong project management skills including being able to manage multiple assignments simultaneously, to manage teams effectively, and to deliver projects on time and to budget.
• Able to add value to assignments through an analytical approach to work, and adept at challenging existing processes to identify and implement smarter ways of working.
• Able to develop excellent client and internal relationships at all levels of seniority.
• Proficient at creating and delivering captivating presentations to audiences comprising groups of clients, prospects and/or internal staff.
• Excellent team player as well as able to deliver engagements independently
• Professional services experience (Big 4 or similar FS IT Internal Audit industry experience).
• Experience within FinCrime would be advantageous
• CISA or equivalent auditing qualification preferred
The Financial Services Technology Risk Consulting team is focused on providing consultancy, advice and assurance on our clients' technology risks and controls. The market is evolving at pace and innovating, whilst embracing the digital age.
We are expanding our team to advise clients on emerging and legacy technology risks and controls due to the ever-increasing challenges that clients are faced with. The focus of the team is on project and programme risk, operational and technology resilience, technology risk and control, impact of regulatory change on data and technology and third-party risk management.
We deliver our work through consulting projects, focused on risk and control assurance, supporting teams across the 1st, 2nd and 3rd lines of defence.
KPMG are growing their FS Emerging Technology Risk team to meet an ever-increasing demand for our market leading services and are seeking IT management consultants with relevant expertise and experience. We are looking for an individual that has a passion for technology and has experience of working in or assessing cloud environments to help be part of a dynamic and growing team.
Job Description: Joining KPMG means joining a talented team of exceptional colleagues who bring innovative thoughts and a natural curiosity to the work they do each day. No one type of person succeeds at KPMG; a diverse business requires diverse personalities, characters and perspectives. There really is a place for you here.
• Builds and develops positive constructive relationships inside and outside KPMG
• Assessing problems from multiple angles to ensure all relevant issues are considered when making decisions
• Proactively driving forward new and creative ideas which benefit the client
• Deliver technology risk consulting projects in Financial Services leading teams and working independently providing client-side advice
• Deliver technology risk control testing and transformation projects, providing support on advice to first and second lines of defence on operating models, frameworks, taxonomy, risk and control services
• Deliver client services on IT control testing, cloud technology and other technology risk related projects.
• Take responsibility for client liaison and relationship
• Take responsibility for delivering projects and engagements.
• Quality assure testing undertaken offshore or by junior members of staff
• Identify revenue-generating opportunities and support business development activities such as proposal writing, pitch presentations
• Develop relationships with FS clients (CIO, Head of Technology Risk, CRO, Head of Information Security, COO)
• A collaborative team player who can bring others with them.
• A self-starter with a can-do attitude.
• Someone who is looking for an exciting and dynamic challenge, with an appetite and ambition to progress.
• Recognises the importance of continuous self and team development and actively strives to achieve this.
• Seeks to understand others' motivations
• Takes time to learn about other people and their experiences and how to apply this learning
• Demonstrates curiosity and open-mindedness to new ideas, approaches and perspectives
• Actively engages with others in order to address their views/concerns
Qualifications and Skills
• Proven experience of successfully delivering large IT risk and control projects or audit engagements either within a Big 4 firm or a large Financial Services Institution
• Recognised accounting / auditing (e.g. CISA) / risk qualification
• Experience in an IT risk and control / audit environment.
• Knowledge and experience of the cloud would be ideal, but not essential.
• Degree/masters qualification in IT
Experience and Background
• Experience of managing IT Risk and Control projects or audits in the FS sector with experience of working in teams
• Experience of managing business and IT stakeholders from across the business and all levels of seniority
• Ability to identify and assess complex IT risks and controls, to relate them to the wider business environment and to express opinions clearly to all levels
• Strong understanding of FS sector – business processes / products / key risks
• A good understanding of technology platforms
• Good knowledge of different operating systems, databases, networking, security concepts and technologies from an IT risk and controls perspective
• Ability to play an active role in the business development process
• Strong analytical skills and ability to adapt to changing circumstances
• Demonstrate professional scepticism - proven track record of compliance with quality standards and an ability to balance an efficient and compliant audit
• An aptitude for embracing and adapting to new technology
• Ability to work flexibly in terms of working hours to accommodate tight timelines and manage well under pressure
We are seeking an infrastructure professional with a good understanding of asset management principles and the transformation of infrastructure organisations together with a strong track record making real change in these organisations. The individual should have a good track record in professional services including both work winning and delivery together with a proven reputation in the sector. They will
the Industry leading Asset Management professional to become the subject matter expert for KPMG UK supporting all AMA activity across the business including Operating Model Transformation, Strategy and Planning, Internal Audit, Transactions, Risk and Technology.
Services provided by the AMA Team:
- Asset organisation and operating model design and transformation
- Development and delivery of asset management improvement programmes
- Asset investment planning and decision-making frameworks
- Network resilience and maintenance planning including risk-based approaches
- Assurance and SME peer review of key business processes
- Data and technology advisory services for the asset lifecycle
- Development of strategic plans and business cases
As a Director in our team you will be responsible, amongst other things for:
- Leading large, complex client engagements, operating at board level and the level below.
- Leading the KPMG team on projects from both the AMA team and across the business
- Identifying and recruiting talent
- Be the focus for the asset management capability and bring insights and leading practice to share across sectors
- Ensuring KPMG's quality and risk management procedures are completed to the appropriate standard.
- Pro-actively keeping up to date with Asset Management thinking on a global level.
- Coaching and mentoring other staff.
- Being a role model for less experienced staff and for the firm's values
- Targeting key clients in-line with our strategy and developing a pipeline of opportunities to support the growth of the AMA business
- Building sustainable relationships with clients in key markets including P&U and/or transport
- Working with other parts of KPMG to win work aligned with our strategy
- Building a strong external and internal network to promote our services and the value provided
- Pro-actively promoting our services
- Supporting the development with thought leadership and speaking engagements
We are looking for a person who can work at pace and bring experience and practical solutions across the broad services we provide and is able to work across different client types. Proven experience in delivering complex engagements, with a high level of client relationship management and a track record of delivering high quality outputs and securing further work. The technical background will vary and will likely come from an asset, project and/or business management background for asset intensive organisations.
- Track record in improving performance of asset intensive organisations at an enterprise level adopting the principles of asset management
- Excellent presentation and communications experience engaging with board level representatives in this area.
- Understanding transformation of asset intensive organisations
- End to end process for asset management and capital delivery for asset intensive organisations
- Life-cycle decision-making and the ability to manage and direct the creation of asset management plans, capital programmes or maintenance regimes
- Assessing and managing risks at both a service/network level and an asset level.
- Good understanding of asset management information and knowledge management
- Experience in one or more key sectors of Transport, Defence, Property/Estates or Utilities
- Good client relationship track record.
- Commercial awareness.
- Relevant advisory / consulting / assurance experience.
- Managing change in asset management IT systems and capabilities
- Asset performance management
- Contractor and supplier management
- Asset care and maintenance management
- Sustainable asset management
- Techniques for whole-life costing and accounting
- Asset management information systems
The Business Risk Manager supports the Head of Business Risk through a wide variety of projects and activities. The objective of the role is to help ensure that the Firm’s core risk policies are complied with by working closely with engagement teams and leadership teams across different business units. The audit landscape is changing, and for the Business Risk Function to continue to support the Business, the Risk Function needs to be proactive and not reactive to risk.
The Business Risk Function is embedded into the Audit Function and as such is an integral and important part of the audit function. As the risk environment evolves, due to changes in legislation and reporting standards, the current policies and processes will need to be aligned to those changes. In order to achieve this successfully the function works closely with other areas of the business such as Audit Risk Management, Central Risk, Office of General Counsel, Finance and Sentinel.
The role requires initiative and flexibility, suiting an efficient organiser.
The Manager will support the Head of Business Risk for Audit where the team will contribute to providing support to the Audit Function and the wider Audit Risk Management Function. This will include managing three Assistant Managers across the Audit Business Risk Function.
Risk MI and Risk Register – Assist the Head of Business Risk in:
• Contributing to the development, reporting and management of risk-related MI to support Audit and Risk leadership.
• Supporting Audit leadership in identifying risks and appropriate actions required to manage/bring back identified risks within risk appetites.
• Supporting the implementation and operation of strategic initiatives on portfolio management from commercial and/or risk perspectives.
• Providing risk updates and reports to the Head of Business Risk
Risk Operating System – Microsoft Dynamics (“MSD”)
• Managing the monthly and yearly data validation for audit
• Working with Firm-wide Ethics & Independence team to identify and resolve potential rotational breaches
• Managing the risk data within MSD, which will include identifying and rectifying risk errors
• To act as a Business Risk MSD Super User. You will be required to provide ongoing support, advice and training to engagement teams with regards to MSD engagement management set-up
• Management of data for monthly reporting which will include producing deliverables for both internal and external reviews to include Regulators
• Take ownership of the partner rotation process, working with Partners and Segment Heads. You will be required to identify potential regulatory breaches and escalate to the Head of Business Risk where appropriate
• Analysis and delivery of all Partner / Director succession planning
• Monitor the information currently held on the MSD system, ensuring that the information is set up correctly and challenge where appropriate
• Management of KGS as and when required
• Attend briefings and training sessions led by Central Audit Risk and communicate outputs back to the function
• Supporting and Advising Key Stakeholders of the Business as and when required
Annual Risk Review
• Supporting with output of the Annual Risk Review process in collaboration with Audit Risk
• Support the Head of Business Risk and leadership teams to implement actions in response to findings from the Annual Risk Review process
• Supporting the Head of Business Risk with ad hoc regulatory reporting
• Supporting the Head of Business Risk with requests from the Regulatory Affairs Department and responses to regulatory queries
• Management of non-financial sanctions
• Supporting requests for Regulatory Compliance Reviews which will include working with the audit teams to collate and analyse responses
• Record keeping of other regulatory requirements
• Management of Prudential Regulation Authority (“PRA”) and Financial Conduct Authority (“FCA”) resignation process
• Support the Head of Business Risk to manage the responses needed for the monthly risk analysis and Other Entity of Public Interest (“OEPI”) tools
• Provide responses to ad hoc queries that arise from audit teams
• Continue to work on raising the profile of Business Risk across the Firm
• Review of Multi-Firm Engagement (“MFE”) arrangements and provide guidance to audit teams as and when needed
• Provide support with ad hoc projects
• Managing risk consultations and approvals for audit engagement team in line with the Firm’s policies and procedures, working in collaboration with Audit Risk.
Stakeholder Interaction & challenges:
The role will include interactions with senior leadership across audit, risk and engagement teams
Impact, Risk, Accountability & Governance:
This is a role with impact across the Audit Capability Group where there is accountability for significant projects within audit risk management. It may include preparation of reports and risk registers for senior leadership
Experience and Background
— Awareness of the different types of service delivered out of audit firms
— Decision making around engagement acceptance
— Understanding and documenting policies, processes and controls, identifying weaknesses and making and implementing recommendations
— Identifying and reporting on trends in data
— Project management of multiple workstreams alongside unpredictable consultation workload
— Able to get to grips with technical content including law, regulation, assurance standards, contracts and policy and recommend how to apply to practical scenarios
— Confident in exploring opportunities with engagement leaders
— Awareness of the nature and effect of key clauses in professional services contracts
— Advanced Microsoft Office Skills – particularly Excel
— Experience of delivering a range of services at manager level or above within a professional services firm
— Experience of performing risk assessments, scoring risks and preparing risk registers
Qualifications and Skills
— Educated to a degree level
— Risk Management Qualification desirable
— Recognised accountancy qualification desirable
— CISI / ICA Qualified – Desirable
— Experience in a busy team environment
— Experience of Microsoft applications and SharePoint.
— Excellent attention to detail
— Accountability – use own initiative to provide effective support
— Drive and Resilience – time management and organisational skills
— Building Relationships – good communication skills (both written and oral)
— Problem Solving
— Flexibility – adaptable to changing situations
— Team management
— Team working
— Project management
— Experience of Microsoft Dynamics desirable but not essential
This role is in the Security Advisory and Assessment (SAA) team, within the KPMG UK Information Security function. The SAA team are critical in the assessment, development and delivery of innovative, technology-enabled secure solutions for KPMG and our clients. The SAA team is vital to KPMG’s ability to demonstrate that we are delivering ‘secure by design’ solutions such that our business stakeholders, our clients and our regulators trust KPMG.
The role involves leading and being accountable for the end to end vulnerability management (VM) service. The vulnerability management service helps defend KPMG and its clients by ensuring scans of KPMG information assets are performed and pro-actively managing vulnerabilities in conjunction with Enterprise wide and Technology engineering teams, in alignment with KPMG risk objectives.
The Vulnerability Management Lead will:
• Develop the service, using automation, digitisation, security by design and a customer focussed approach as appropriate, and formulate a service strategy for VM within the agreed budget;
• Understand the dependencies & work collaboratively with aligned services & departments such as Data Privacy, Technology, Risk & Legal to provide a consistent and reliable service & approach;
• Maintain good relationships with customer groups and ensure customer satisfaction, by monitoring quality & escalating issues as necessary;
• Take accountability for the VM service and oversee the delivery and quality of the service by your team, other KPMG teams and third parties;
• Lead and manage a team of high performing professionals in delivering a vulnerability management service;
• Provide opportunities and training to develop the skills needed to meet the future needs of the service;
• Be accountable for performing technical risk assessments on vulnerabilities and recommending remediation prioritisation or approving exceptions if necessary;
• Be accountable for working with various internal and external sources to review threat intelligence and vulnerability alerts, assess impact of vulnerabilities in conjunction with Technology and then prioritise actions based on the vulnerability assessment through a risk-based approach to meet KPMG objectives;
• Be accountable for a team of specialists who provide subject matter expertise, such as recommending remediation strategies and providing advice on complex configuration changes in support of vulnerability remediation;
• Be accountable for ensuring service documentation, such as process guides, are maintained and kept up to date.
• Be accountable for lifecycle ownership of in-scope technology that supports the vulnerability management service.
• Be responsible for providing reporting to leadership and other service stakeholders on service performance (against KPIs) and vulnerability risk exposure (against KRIs).
• Be responsible for inputting to and reviewing information security policy and standards related to vulnerability management.
• Be responsible for attending and supporting internal and external audits from a vulnerability management service perspective.
• Be responsible for building and maintaining strong relationships with key stakeholders, such as Information Security leadership, CTOs, Technology Operations, business service owners and any 3rd parties;
• Provide advice to senior leadership on ways to improve control mechanisms, identify, evaluate, and mitigate risks;
• Work towards and achieve or extend professional certifications as part of personal development;
• Share experiences with others to assist their learning and understanding.
You must have:
• Excellent and relevant experience in a similar vulnerability management leadership role;
• Strong understanding of tooling associated with vulnerability management such as Qualys, Kenna, Microsoft Defender ATP and ServiceNow.
• Experience and knowledge in vulnerability management of applications and infrastructure within the Cloud, such as AWS and Azure;
• Experience with managing senior stakeholders;
• Be able to demonstrate the ability to adapt communication style to explain technical concepts to different people within an organisation whether advising stakeholders, directing teams or sharing experience;
• Experience of successfully working in a fast paced, customer service environment, delivering high quality information security services; and
• Be calm in challenging situations, able to navigate through complex security problems to find a root cause and balanced outcome.
It would be advantageous if you can demonstrate some, or all of:
• Experience with managing a service and developing a product lifecycle;
• Experience with managing third parties to deliver elements of your service;
• Experience and knowledge of container or serverless platforms;
• Any security or vulnerability management product certification.
The Banking Risk and Regulatory team within KPMG’s Risk Consulting group supports our banking clients to effectively manage the wide range of risks to which they are exposed, including financial, reputational and operational risks. We are experienced in managing diverse issues including regulatory compliance, risk management frameworks and financial risk modelling.
Climate risk has emerged as a top priority risk to banks and we are helping our clients to respond to the immense challenges posed by climate change, including how to integrate climate risk management and measurement, and meet global regulatory, investor and stakeholder demands.
We are looking for a Manager who is passionate and enthusiastic about climate change who can bring existing banking risk management expertise and experience, particularly credit risk, to help build out the development of our climate risk proposition and service offerings in this exciting, cutting edge, and incredibly important area, as well as delivering these offerings with our banking clients.
This opportunity is within our Banking Risk team, which is part of our Financial Risk Management consulting practice. This team houses many subject matter experts that focus on supporting our banking clients with achieving their prudential and conduct risk and regulatory objectives.
• Provide expertise / input on climate risk in the context of risk frameworks, governance, management and measurement, stress testing, strategy, and regulatory expectations.
• Contribute to the development of materials, tools and methodologies to support our climate risk proposition for use in client meetings, engagements, events, and broader thought leadership.
• Collaborate with global stakeholders on the development and coordination of climate risk offerings.
• Manages one or more client engagements or components of large scale engagements, delivering high quality climate risk support to our banking clients, including day to day management of team on engagements including coaching, providing constructive feedback and performance development.
• Ensures effective management of the risks and financials of engagements.
• Build and maintain strong relationships with middle to senior level staff internally and externally.
• Use knowledge of KPMG’s climate risk as well as broader service offerings to actively identify potential new business opportunities.
• Contribute to and/or manage the development of proposals.
• Develop and maintain a detailed knowledge of climate risk regulations and an awareness of broader banking regulations, market trends, competitor activity and products/services.
• Provides technical knowledge, coaching and training to junior team members.
This role provides a unique opportunity to be part of building KPMG’s banking risk capabilities in an exciting and rapidly evolving area. It will provide unique visibility across the firm and within our clients, and offer exposure to different parts of the firm, different clients, and different products and engagements.
Experience & Knowledge:
• Extensive experience of working in a risk management role within a financial or professional services firm with practical experience in credit risk, and ideally also across market risk, operational risk, liquidity risk, stress testing, risk frameworks and risk governance
• Experience in managing smaller teams of 2-5 people
• Understanding of the risks faced by financial services due to climate change and how they can be managed, measured, and integrated into banks' risk management frameworks
• Knowledge and understanding of banking regulations in relation to climate risk
• Knowledge and experience of credit risk appetite, policies, processes, data, governance and documentation
Qualifications, Skills & Competencies:
• Self-starter, with the ability and desire to do own research and apply existing risk management expertise to new emerging areas such as climate risk frameworks, policies and processes
• Excellent communication skills, both written and oral
• Strong interpersonal skills with the ability to lead diverse groups and develop strong networks
• Flexibility and agility to contribute to a broad range of banking risk engagements
• Strong organisational skills and the ability to multi-task effectively, with a practical solutions-driven approach
• Excellent stakeholder management skills, across individuals within the firm and our banking clients