
Security Technical Assessment Lead

Date: Feb 25, 2021

Location: London, United Kingdom

Company: KPMG UK


The Team
This role is in the Security Advisory and Assessments team (SAA), within the KPMG UK Information Security function. The SAA team are critical in the assessment, development and delivery of innovative, technology-enabled secure solutions for KPMG and our clients. The SAA team is vital to KPMG’s ability to demonstrate that we are delivering ‘secure by design’ solutions such that our business stakeholders, our clients and our regulators trust KPMG.

The Role
The role involves leading, and being accountable for, security technical assessments and technical remediation support. The security technical assessments service helps defend KPMG and its clients by ensuring that security technical assessments of KPMG information assets are performed, and by proactively driving findings and remediations in conjunction with enterprise-wide and Technology engineering teams, in alignment with KPMG risk objectives.
The Security Technical Assessment lead will:
• Develop the service, using automation, digitisation, security by design and a customer-focussed approach as appropriate, and formulate a service strategy for security technical assessments within the agreed budget;
• Understand the dependencies and work collaboratively with aligned services and departments such as Data Privacy, Technology, Risk and Legal to provide a consistent and reliable service and approach;
• Maintain good relationships with customer groups and ensure customer satisfaction by monitoring quality and escalating issues as necessary;
• Take accountability for the security technical assessments service and oversee the delivery and quality of the service by your team, other KPMG teams and third parties;
• Lead and manage a team of high-performing professionals in delivering a security technical assessments service;
• Provide opportunities and training to develop the skills needed to meet the future needs of the service;
• Be accountable for performing security technical assessments (such as penetration testing, security configuration reviews, change reviews and red team testing) on KPMG-managed technology solutions, driving remediation of findings or approving exceptions where necessary;
• Be accountable for a team of specialists who provide subject matter expertise, such as recommending remediation strategies and providing advice on complex configuration changes in support of security technical assessment remediation;
• Be accountable for ensuring that service documentation, such as process guides, is maintained and kept up to date;
• Be accountable for lifecycle ownership of in-scope technology that supports the security technical assessment service;
• Be responsible for providing reporting to leadership and other service stakeholders on service performance (against KPIs) and risk exposure (against KRIs);
• Be responsible for inputting to and reviewing information security policy and standards related to security technical assessments;
• Be responsible for attending and supporting internal and external audits from a security technical assessments service perspective;
• Be responsible for building and maintaining strong relationships with key stakeholders, such as Information Security leadership, CTOs, Technology Operations, business service owners and any third parties;
• Provide advice to senior leadership on ways to improve control mechanisms and to identify, evaluate and mitigate risks;
• Work towards and achieve or extend professional certifications as part of personal development;
• Share experiences with others to assist their learning and understanding.

The Person
Essential:
• Excellent and relevant experience in a similar security technical assessment leadership role;
• Strong understanding of tooling associated with security technical assessments such as AWS Config, Azure Policy, Static Application Security Testing and Dynamic Application Security Testing;
• Experience and knowledge in security technical assessments of applications and infrastructure within the Cloud, such as AWS and Azure;
• Experience with managing senior stakeholders;
• Demonstrated ability to adapt communication style to explain technical concepts to different people within an organisation, whether advising stakeholders, directing teams or sharing experience;
• Experience of successfully working in a fast-paced, customer service environment, delivering high-quality information security services; and
• Calm in challenging situations, and able to navigate complex security problems to find a root cause and a balanced outcome.

It would be advantageous if you can demonstrate some or all of the following:
• Experience scoping and overseeing Red Team testing;
• Experience with managing a service and developing a product lifecycle;
• Experience with managing third parties to deliver elements of your service;
• Experience and knowledge of container or serverless platforms;
• Any security or security testing certification.
