
SECURITY MANAGER (FTC - 12 MONTHS)

Date: Jun 10, 2021

Location: Leeds, United Kingdom

Company: KPMG UK

Job Title: Security Manager
Location: Leeds
KPMG Grade: C

Job Summary
The Information Security Manager will manage compliance with both client and KPMG information security requirements for the Learning Services offering. The Information Security Manager will be responsible for ensuring that information security operational processes are completed and continually improved, and that client project information security risks are appropriately managed in conjunction with KPMG internal and client risk management processes. The Information Security Manager will be responsible for driving and improving the security culture within the Learning Services offering, acting as a champion and role model for information security within the wider KPMG framework of security culture development.
The Information Security Manager will apply their skills and experience to act as the main point of contact for Learning Services for queries related to data protection and privacy. The Information Security Manager will work closely with KPMG Learning Services staff (including 3rd-party suppliers), KPMG's internal information security department and any required client information security contacts, building strong working relationships.
As a team leader, the Security Manager must embody KPMG’s values, act as a role model, and build commitment and belief toward the accomplishment of the team’s goals.

The Role
Onboarding new client projects from an information security perspective:
• Develop the onboarding plan, deliver the activities in the plan and communicate progress updates accordingly.
• Review and provide input to client project information security contractual clauses.
• Own the completion and approval of any Information Protection Plans (IPPs).
• Liaise with clients and internal KPMG staff as required to ensure each client project is mobilised from an information security perspective.
Information security management of in-scope client projects:
• Manage information security risks related to the client projects within the Learning Services offering (including any 3rd-party suppliers). Support the capture of privacy, information security and data governance risks and work with central KPMG internal information security to ensure risk registers are updated. Communicate the risk position to the required stakeholders.
• Manage security incidents and co-ordinate data incident actions with relevant internal and external stakeholders, ensuring all required actions are completed in accordance with the central security incident management framework.
• Respond to internal queries regarding information security and data privacy. Use sound judgement to escalate queries to other central KPMG functions, such as Risk & Legal, Information Security and Data Privacy, as appropriate.
• Work with the central KPMG internal information security function to review and improve technical controls for information protection, such as data loss prevention (DLP) rules.
• Develop, deliver and continually improve client-project-tailored information security training and awareness, e.g. newsletters, presentations, new joiner pack.
• Phishing testing: plan and co-ordinate email and voice phishing testing, with relevant follow-up activities, in conjunction with the central KPMG internal information security function.
• Develop, implement, review and improve client-project-specific user access management processes (such as joiners, movers and leavers).
• Conduct and manage periodic user access reviews (UARs) and user entitlement reviews (UERs).
• Ensure technical or organisational changes go through the relevant design or assurance forums for approval and completion of impact assessments.
• Support the management of security testing (e.g. vendor management, resource management, logistics, reporting internally within KPMG and to the client).
• Drive the remediation of security test findings with the Technology support teams.
• Support the internal KPMG information security team with ongoing 3rd-party supplier security assurance (e.g. supplier security questionnaires, in-person supplier security audits).
• Support the internal KPMG information security team with any emergent client security assurance activities (such as client security audits).
• Ongoing ownership and management of required information security documentation (e.g. IPPs).
• Share experiences with others to assist their learning and understanding, providing coaching and mentoring to junior staff members.
• Actively engage with others in order to address their views and concerns.
Data Privacy:
• Maintain the register of personal data processing activities (GDPR Article 30) for Learning Services client projects.
• Support Data Subject Requests (DSRs): manage and co-ordinate all data subject requests from receipt to conclusion (as per procedure) for Learning Services client projects, in liaison with the central KPMG Data Privacy team.
• Support the central KPMG Data Privacy team with the roll-out of new and updated data protection and privacy policies and procedures.
Business continuity:
• Review, implement, improve and update the Business Continuity Plan (BCP) and IT Disaster Recovery Plan (ITDR), aligned to ISO 22301, in conjunction with the central KPMG BCP management team.
• Manage regular testing of the BC and ITDR plans, including lessons learned reports.
Client interaction:
• On behalf of KPMG, chair client security working groups.
• Prepare and manage information security documentation required by the client, such as security management plans.
• Attend client meetings and respond to client queries in relation to information security.
Accountabilities:
• Single point of contact (for the client and for KPMG client project teams) for information security related items for the client projects in scope.
• Development and delivery of information security training and awareness material tailored for the business function.
• Ownership of client-project-specific delivery of operational information security processes, in conjunction with the central KPMG information security function.
• Management of Learning Services data privacy related processes and queries.
• Ownership of client project information security documentation and artefacts.
• Oversight of Learning Services 3rd-party suppliers' security assurance.
• Ownership of the Business Continuity Plan for the Learning Services client projects.
• Onboarding of new client projects into the Learning Services service line from an information security perspective.


Job Segment: Consulting, Risk Management, Manager, Compliance, Security, Technology, Finance, Management, Legal