
Global Information Protection Assurance Manager

Date: Nov 24, 2021

Location: London, United Kingdom

Company: KPMG UK

KPMGI Group Context and Background
Global Quality & Risk Management (GQ&RM) Information Protection Risk Management (IPRM) consists of multicultural global teams with strong information protection (security and privacy) experience. IPRM drives adoption of a consistent global information protection strategy for the network of KPMG member firms and focuses on collaboration among Member Firms. This includes Assurance services and the information protection controls audit (IPCA) program. The IPCA program represents a key mechanism to demonstrate KPMG efforts to keep and maintain a consistent baseline of information protection across the network of member firms that helps ensure service delivery in a trusted manner.


Role Summary

Based in the newly formed Global Risk Management Information Protection team, reporting to the Information Protection Controls Audit Program Lead, you will be responsible for maintaining and enhancing the Information Protection Controls Audit (IPCA) program framework that the KPMG member firms follow to perform the Information Protection Controls Audits. The IPCA team is responsible for the program framework, the management of the IPCA solution, managing training of the member firms and responding to queries, the evaluation and reporting of trends arising from the program, and assessing the quality of audits conducted by KPMG International and Member Firms.

Key Accountabilities
- Responsible for supporting the information protection controls audit (IPCA) program of the Global Quality & Risk Management, Information that KPMG member firms follow to perform IPCAs
- Maintains and enhances the IPCA program framework (requirements and materials) based on global policy, standard requirements, industry leading practices and feedback from stakeholders. Communicates IPCA program requirements and materials, and develops and delivers training for these. Monitors and responds to inquiries about the IPCA program. Maintains supporting technology solution requirements, and monitors and tests the IPCA solution to ensure that it meets requirements. Keeps team processes and procedures up to date.
- Executes against IPCA program activities, monitors delivery based on available resources and timeframe and reports status. Formally documents key activities performed by the IPCA program team and performs assessment of activities performed against plan and requirements
- Performs quality reviews of executed IPCAs, oversees supporting resources, communicates and discusses results of reviews with Member Firm and KPMG International
- Analyzes and identifies trends, proposes solutions for challenges, prepares and presents status reporting to ERM reporting
- Regular engagement and communication with the network of member firms on progress and status of the IPCA Program
- Close liaison with the Information Protection Group, Global Risk Management Information Protection and ISQM1 groups on execution of controls
- Budget and financial oversight of Assurance operations and activities

Technical Skills & Qualifications
- Core advisory skills including business process analysis, financial analysis, performance assessment, project management, risk assessment, designing and proposing solutions of identified challenges, overseeing execution and status reporting to executive management
- Bachelor’s degree from an accredited college/university;
- Minimum 5 years of relevant experience in information protection (security and privacy), of which a minimum of 3 years performing and managing assessments / audits;
- Strong background in scoping, planning, performing and managing audits in an ISO 27001 based control environment and familiar with other related frameworks (e.g. ISO 27017 and ISO 27005). Certified lead auditor on ISO27001 and global Professional services experience;
- Good knowledge of privacy auditing with GDPR experience;
- Good background in Microsoft technology and Cloud Services;
- Strong verbal and presentation skills;
- Strong interpersonal skills and ability to communicate effectively both verbally and in writing, particularly with senior level global stakeholders;
- Experience in project management and ability to manage and deliver multiple activities
- Agility and ability to adapt to changing priorities in a fast-paced environment;
- Proven working experience in a risk management role is preferred;

Experience & Knowledge
- Consult with relevant stakeholders in first and second line information security to determine control requirements relating to the business of KPMG International and the network of member firms;
- Defining the information protection controls audit framework to manage a set of information protection controls designed to mitigate risks, based on the requirements of ISO27001, ISQM1, Privacy and other control frameworks where required;
- Liaising with the Global Information Protection Risk Management Policy group, where changes to Policies impact the baseline information protection controls;
- Locating and defining new process improvement opportunities to continuously enhance and improve the information protection controls audit program;
- Supporting the Information Protection Controls Audit Lead in the delivery of projects and initiatives within the group;
- Supporting the other GQRM team members with recurring or ad hoc information requests (e.g., Status reports, trend analysis)
- Ability to analyze and review the quality of an executed IPCA and consistently form an opinion on how the audits and the program can be improved to more closely meet policy requirements; and
- Responsible for the oversight and supervision of teams providing support services to the IPCA Program

