
SOC2 Attestation Senior Manager

Date: Nov 29, 2018

Location: London, United Kingdom

Company: KPMG UK

Auto Req ID: 138227BR
Job Title: SOC2 Attestation Senior Manager
Country: United Kingdom
Location: London
Function: KPMG Business Services
Service Line: IHQ
Service Line Information

KPMG Overview
KPMG is part of a global network of firms that offers Audit, Tax & Pensions, Consulting, Deal Advisory and Technology services. Through the talent of over 16,000 colleagues, we bring our creativity and insight to our clients’ most critical challenges.

With offices across the UK, we work with everyone from small start-ups and individuals to major multinationals, in virtually every industry imaginable. Our work is often complex, yet our vision is simple: to be the clear choice for our clients, for our people and for the communities we work in.

Job Description
The Team:
KPMG International, ITS Global, Information Protection Group (IPG)
The KPMG International Information Protection Group (IPG) focuses on improving security, privacy and data rights management across the network of KPMG member firms. The Global Attestation SOC2 team manages independent attestation SOC2 efforts that help depict adherence of Global KPMG solutions to risk and security standards and build cybersecurity and client trust.

The Role:
Reporting to the Attestation and Compliance Director, this position will provide attestation support to a global IT services group related to producing attestation (SOC2 Type 2) reports, particularly for IT controls. In addition, the successful candidate will complete general information protection and IT controls compliance activities, including supporting business areas in interpretation of frameworks, control design, support of internal and external audits, responding to audit findings, process improvements and other activities to manage and extend the IT control environment.

- Form strong collaborative and advisory relationships with SOC2 report owners, business and IT stakeholders to become a trusted source of compliance information and direction
- Provide leading practice and current guidance to SOC2 report owners in appropriately developing and maintaining their SOC2 reports, particularly as report standards change
- Work closely with IT and business stakeholders to clarify compliance requirements and drive implementation of process improvements.
- Continue to develop and communicate the SOC2 report governance processes
- Plan for and coordinate multiple SOC2 readiness and attestation streams for multiple business lines
- Assist in ensuring that IT controls are appropriately designed and effective
- Coordinate and schedule auditors, and track and report on progress. Maintain close supervision of independent service auditors through the audit process and provide updates to report owners.
- Assist in gathering and tracking appropriate evidence to support IT controls.
- Support process owners with documenting remediation plans and target dates for completion. Manage remediation processes for audit findings and process issues. Identify and manage relevant documentation, risk assessments and past audit findings.
- Deliver SOC2 report program reporting utilizing tools to track planning, scheduling, issues, risks and overall status of compliance efforts.
- Perform analysis on SOC2 report results to strengthen reports year over year
- Participate in broader external compliance communities to keep up with industry leading practices and emerging trends
- Continually work to identify methods to simplify the audit process for IT resources
- Support project reporting activities to track planning, scheduling, issues, risks and overall status of attestation and compliance efforts.

The Person:
- Very good knowledge of SSAE 18 Service Organization Control (SOC) 1 / SOC 2 attestation standards, reporting requirements and audit procedures
- Experience coordinating and overseeing SOC reporting audits and reviewing SOC reports
- Strong knowledge of IT and IT operations, especially cloud-based
- Excellent business process analysis and report writing skills
- Capable of critical thinking and executing plans into action
- Good communicator with strong presentation skills
- Experienced working in multi-cultural environments and sensitive to different business cultures
- Strong ability to multi-task and work independently within a global team
- Methodical approach to work, attention to detail and delivery of high quality results

Working Environment
- Travel: Low (up to 20%, typically planned well in advance)

Education & Qualifications
- Ideally you will have 4 to 6 years of experience, with at least 4 years of information protection assessment and attestation experience within a corporate environment (global companies preferred)
- Preferably a Bachelor’s degree or higher from an accredited college / university (preferably in Computer Science, Computer Engineering, Information Security, Management Information Systems or other relevant field) – Masters (post-graduate) degree a plus
- Strong experience performing SOC2 Type 2, SOX, internal or external audit, including supervisory experience
- Professional information security audit / assessment and information security management certifications preferred, such as CISA, CISM, CISSP, ISO 27001 Auditor
- Hold a valid passport and able to travel periodically on business assignments
- Fluent in English, other languages spoken a plus, such as Spanish, French, Mandarin

Our Deal
If the chance to work with interesting clients and innovative technology wasn’t rewarding enough, we’ll motivate you in other ways too. At KPMG you can expect real responsibilities and opportunities to grow professionally.


‘Our Deal’ sets out all the different ways you’ll be rewarded at KPMG. Among other things you can benefit from honest conversations about your career as well as a range of other rewards. In all these ways and more, we have created an environment that can bring out the best in you.

Flexible Working
While some of our client-facing professionals can be required to travel regularly, and at times be based at client sites, we are supportive where possible of helping you to achieve a balance between your home and work demands.

We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest. Furthermore, as part of the recruitment process, we can put you in touch with people who work flexibly so you can understand from them what our culture is like.

Applying with a Disability
KPMG are proud to be an inclusive, equal opportunity employer and we seek to attract and retain the best people from the widest possible talent pool. As a member of the Business Disability Forum we're committed to ensuring that you are treated fairly throughout our Recruitment Process. Should you be successful after the initial application stage, please discuss any reasonable adjustments that you may require with your recruitment contact.

KPMG's commitment to diversity

We are proud of the value we place on individuality; we want you to bring your full self to work and truly maximise your potential. We believe that your individuality helps us to deliver the best results for our clients. Diversity of background, diversity of experience, diversity of perspective - that's the KPMG difference. But, don't take our word for it, find out more about diversity at KPMG.



Returning to work after a break
At KPMG, we appreciate that returning to work after an extended career break can be daunting. We understand that those with experience who have taken a career break have a wealth of experience and knowledge to offer our organisation, which helps us to achieve our business goals. We will support you to refresh your skills, develop your confidence and provide a supportive network across the firm to help you best integrate into the working environment. This role welcomes applications for individuals who have been out of work for 18 months or more and who have previous relevant experience.

Policy for Agencies

KPMG has a commitment to sourcing candidates directly and as such we do not accept speculative CVs from agencies. Please check here to see our policy on agencies: Policy

