List X Security Controller

Date: Jan 11, 2019

Location: London, United Kingdom

Company: KPMG UK

AutoReq ID: 140458BR
Job Title: List X Security Controller
Country: United Kingdom
Function: KPMG Business Services
Service Line: QRM
Service Line Information: Quality and Risk Management are the responsibility of each partner and employee. This responsibility includes the need to understand and adhere to member firm policies and associated procedures in carrying out their day-to-day activities. UK Quality & Risk Management teams help to set, implement and enforce policies and procedures designed to help to enable KPMG UK and its personnel to achieve the following key objectives: (i) oversee and monitor service quality, (ii) protect the brand and reputation of KPMG, (iii) comply with laws, (iv) regulations and professional standards, and (v) minimize the risk of financial claims against KPMG UK.

KPMG Overview
KPMG is part of a global network of firms that offers Audit, Tax & Pensions, Consulting, Deal Advisory and Technology services. Through the talent of over 16,000 colleagues, we bring our creativity and insight to our clients’ most critical challenges.

With offices across the UK, we work with everyone from small start-ups and individuals to major multinationals, in virtually every industry imaginable. Our work is often complex, yet our vision is simple: to be the clear choice for our clients, for our people and for the communities we work in.

Job Description
The role holder will be a key manager in the Information Protection team and will have visibility of the three lines of defence in the KPMG UK firm, managing second line of defence policy and compliance activities, providing oversight over the first line of defence and supporting the third line of defence when necessary. The role holder will also have responsibility for the development and maintenance of the firm’s information security policies in relation to our List X certification. KPMG is an accredited List X Contractor for Government work. This allows KPMG to work on hard copy material up to and including Top Secret in our secure facilities. Being a List X Contractor allows KPMG to sponsor staff for security clearances which is crucial in winning and delivering work across Government.

Key Stakeholders

CISO/Head of Information Protection
Government and Defence security officials
Business and functional managers

Key Responsibilities


- Manage the second line of defence List X assurance and compliance plan and deliver this across the firm
- Manage oversight of first line of defence activity and information risks including the scope and delivery of control testing
- Support third line of defence internal and external audits
- Manage the relationship with Defence Equipment and Support (DE&S) Principal Security Advisor (PSyA) and maintenance of the KPMG List X certification
- Agree Security Aspects Letters for all engagements involving material classified higher than Official
- Maintain and enhance the delivery of engagements across all Defence and Government clients and conduct oversight over this activity
- Support the firm’s mission to build client trust and confidence with regard to information security
- Stay abreast of industry best practice in relation to information security governance, risk & compliance


- Manage the development, maintenance and communication of the UK firm’s List X information security policies
- Prepare and implement the Company Security Instructions (as defined in HMG’s Security Requirements for List X Contractors)
- Promote good information security practice and standards across the firm

Risk Management

- Support proactive and timely identification, evaluation and recording of non-compliance and information security risks
- Foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, escalating issues in line with the Information Risk & Control Framework.

Awareness and collaboration

- Establish strong relationships with business and functional teams
- Arrange appropriate security education and awareness training
- Establish strong relationships with DE&S and other relevant stakeholders
- Build on and preserve the firm’s reputation with clients, with regard to information security

Knowledge, experience and skills

Technical Knowledge and qualifications

- Proven experience of information security in a Defence or Government capacity
- Practical expertise in developing information security policy and standards
- Strong knowledge of information security standards (e.g. Cabinet Office Security Policy Framework, ISF Standard of Good Practice for Information Security, JSP 440, JSP 470)
- Strong understanding of privacy requirements (including GDPR)
- Strong working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including Cloud computing
- Security certifications preferred (CISSP, CISA or equivalent)
- Ability to attain a high level of national security vetting (NSV SC as minimum)

Leadership skills

- Experience of leading and inspiring others, providing guidance, mentoring and planning
- Ability to deal with a broad range of stakeholders at all levels, both internal and external, in a confident and assured manner
- Ability to prioritize and manage a complex workload, including multiple tasks for themselves and direct reports
- Strong influencing skills

Analytical skills

- Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions and recommendations
- Ability to understand business drivers and risk appetite and to align information security compliance accordingly
- Strong analytical and problem solving skills

Personal Qualities

- A good team player, with the ability to act independently and exercise sound judgment
- Excellent communication skills, both written and verbal
- Multi-cultural awareness and sensitivity
- Strong integrity, independence and resilience
- Excellent attention to detail combined with strategic vision

Our Deal
If the chance to work with interesting clients and innovative technology wasn’t rewarding enough, we’ll motivate you in other ways too. At KPMG you can expect real responsibilities and opportunities to grow professionally.

‘Our Deal’ sets out all the different ways you’ll be rewarded at KPMG. Among other things you can benefit from honest conversations about your career as well as a range of other rewards. In all these ways and more, we have created an environment that can bring out the best in you.

Flexible Working
While some of our client-facing professionals can be required to travel regularly, and at times be based at client sites, we are supportive where possible of helping you to achieve a balance between your home and work demands.

We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest. Furthermore, as part of the recruitment process, we can put you in touch with people who work flexibly so you can understand from them what our culture is like.

Applying with a Disability
KPMG are proud to be an inclusive, equal opportunity employer and we seek to attract and retain the best people from the widest possible talent pool. As a member of the Business Disability Forum we're committed to ensuring that you are treated fairly throughout our Recruitment Process. Should you be successful after the initial application stage, please discuss any reasonable adjustments that you may require with your recruitment contact.

KPMG's commitment to diversity

We are proud of the value we place on individuality; we want you to bring your full self to work and truly maximise your potential. We believe that your individuality helps us to deliver the best results for our clients. Diversity of background, diversity of experience, diversity of perspective - that's the KPMG difference. But, don't take our word for it, find out more about diversity at KPMG.

Returning to work after a break
At KPMG, we appreciate that returning to work after an extended career break can be daunting. We understand that those with experience who have taken a career break have a wealth of experience and knowledge to offer our organisation, which helps us to achieve our business goals. We will support you to refresh your skills, develop your confidence and provide a supportive network across the firm to help you best integrate into the working environment. This role welcomes applications from individuals who have been out of work for 18 months or more and who have previous relevant experience.

Policy for Agencies

KPMG has a commitment to sourcing candidates directly and as such we do not accept speculative CVs from agencies. Please see our policy on agencies.

Job Segment: Accounting, Consulting, Claims, Risk Management, Security, Finance, Technology, Insurance