Information Security Advisor

Date: Apr 1, 2021

Location: London, United Kingdom

Company: KPMG UK

Title: Information Security Advisor (Grade C)
Business unit: Information Assurance
Department: Information Security

The Team
The role holder will support the Information Security Lead Advisor in the design and delivery of the Security Liaison and the Information Assurance Learning & Development services. The role holder will foster a positive security culture, helping to embed security behaviours and serving the KPMG business and Information Security communities.
The role holder will act as a Service Delivery Manager for Security Liaison, championing the perception, understanding and implementation of information security across the firm and promoting the policies, products and services provided by Information Security, in line with the firm’s trust and growth mission.
The role holder will also provide expert information security advice and guidance to the Information Security community, including Business Information Security Officers and Security Champions, delivering a collaborative Learning programme to continually broaden and deepen subject matter and industry knowledge across the team.

The Role
Security Liaison
• Acts as Service Delivery Manager, supporting the design and driving delivery of the Security Liaison service framework, governance and supporting materials
• Promotes two-way information sharing and best practice to ensure business requirements and business strategy inform Information Security activities and solutions
• Promotes the policies, products, services and initiatives of the Information Security function, making engagement and implementation easier for the business and supporting the principle of business enablement
• Supports the design and delivery of a framework for Security Champions across the firm, including an ongoing education and training programme for this community
• Leads a virtual team to deliver the Security Liaison service into a specific area of the firm
• Fosters an environment that helps to drive appropriate information risk management activities, including early anticipation, identification and mitigation of information risk.

Information security advisor
• Monitors current, new and emerging general business trends, technology developments, information assurance solutions, industry standards, legislation or regulation, information risk management frameworks, as relevant for information security assurance, and provides practical insights on these to the Information Security community.
• Promotes and leverages information security corporate memberships and special interest groups (e.g. ISF, SASIG) to support Information Security subject matter and industry knowledge
• Provides expert advice and support to the Information Security community as required.
Information Security learning & development
• Supports the design and delivery of a framework and programme to drive collaborative subject matter learning within Information Security.
• Supports the design and delivery of agendas for Information Assurance / Information Security team meetings, aimed at information sharing and better understanding of both information security and the business and technical environments in the firm.
• Promotes and leverages information security corporate memberships and special interest groups (e.g. ISF, SASIG) to support Information Security subject matter and industry knowledge
• Provides expert advice and support to the Information Security community as required.

The Person
• Experience of information security in a practitioner capacity, ideally with specific management and governance, risk & compliance experience
• Practical experience of information security awareness and education and a creative flair for presenting information security key messages in an accessible and appealing manner, to a variety of audiences
• Sound knowledge of information security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls)
• Good understanding of privacy requirements (including GDPR)
• Good understanding of information risk management
• Strong working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including Cloud computing
• Security certifications essential (CISSP or equivalent)
Leadership skills
• Experience of leading and inspiring others desirable
• Ability to deal with a broad range of stakeholders at all levels, both internal and external, in a confident and assured manner
• Ability to prioritize and manage a complex workload, including multiple tasks for themselves
• Strong influencing skills
Analytical skills
• Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions and recommendations
• Ability to understand business drivers and information risk appetite and to align information security advice accordingly
• Strong analytical and problem-solving skills
• Experience of leading projects and scoping work to successfully deliver desired outcomes
Personal qualities
• A good team player, with the ability to act independently and exercise sound judgment
• Excellent communication skills, both written and verbal, and able to explain and present information security matters in language which business stakeholders can understand
• Multi-cultural awareness and sensitivity
• Strong integrity, independence and resilience

Job Segment: Information Security, Corporate Security, Risk Management, Database, Technology, Security, Finance