
External Security Compliance Analyst

Date: Jan 21, 2021

Location: London, United Kingdom

Company: KPMG UK

The Team

Role and Responsibilities

The External Security Compliance Analyst reports to the External Security Compliance Manager, who is part of the Assurance & Remediation team within Information Assurance.

The External Security Compliance team plays a key role in ensuring that KPMG meets its Client and Regulatory requirements. It does so by managing KPMG's compliance with external certifications such as ISO27001, IPG and CE+, responding to client questionnaires and contract reviews, advising on Information Protection Plans, and project managing audits undertaken by clients on KPMG, as well as compliance with the firm-wide controls and standards stipulated by KPMG Global and the UK firm; these are designed to meet Client and Regulatory requirements.

The role requires close co-operation with many KPMG teams across the firm.

The responsibilities of the role include:
• Ensure KPMG certification and/or alignment to ISO27001, CE+, Key Controls and KPMG's Information Security Management Policies by providing support with audits and related preparation exercises.
• Provide support for client enquiries (questionnaires, follow-up meetings) by working with engagement teams, other areas of the firm and the clients themselves to provide responses to such enquiries.
• Engage with engagement teams on enquiries regarding Information Protection Plans (IPPs) and liaise with the TISO (Technical Information Security Officer) where their approval is required.
• Provide support for client audit activities, including project management, liaising with areas of the business in scope for audit and other activities to ensure a smooth audit experience.
• Provide support to other areas of Assurance and Remediation as required.
• Provide input and guidance for KPMG's information security management policies.


The Person - Experience and Background

Technical:
• Reasonable relevant experience working in an Information Security role.
• Good working knowledge of IT and Information Security controls.
• Good working knowledge of Information Security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls).
• Experience in Data Protection and legal compliance.
• Risk Management knowledge and experience (desirable).
• Experience of producing and reviewing documentation including Policies, Standards, Contracts and Control frameworks (desirable).
• Working knowledge of techniques for planning, monitoring, data analysis and reporting.
• Experience with a wide base of technology and toolsets.

Personal:
• Ability to develop and leverage strong relationships with internal and external stakeholders.
• Self-motivated, working independently and managing own workload.
• Ethical, with the ability to remain impartial and report all non-compliances.
• Organisational skills with attention to detail.
• Flexible and willing to work within other Information Assurance teams.


Job Segment: Compliance, Risk Management, Law, Database, Security, Legal, Finance, Technology