Share this Job

Technical Security Operations Lead

Date: Jun 18, 2021

Location: London, United Kingdom

Company: KPMG UK

Team



The role is part of the KPMG Security Operations team within Information Security – which is responsible for KPMG’s 1st Line of Defence cyber security controls and ensures that business IT systems are protected and monitored from cyber threats and vulnerabilities.



Role



The role involves leading a multi-disciplinary team that is accountable for Identity and Access Management operational services, is accountable for the end to end vulnerability management service and cultivates strong collaboration between Security Operations and Technology teams.



The Technical Security Operations Lead will:


Work with the Head of Security Operations to lead and manage a team of high performing professionals in delivering a quality, efficient, business enabling service;


Oversee and be accountable for Technical Security Operations service delivery - appoint or maintain service leads for each of the services operated; work with the service leads to deliver the service goals for each service, in line with strategy; support the service leads as necessary; ensure good collaboration within the team and with stakeholders; manage demand and prioritise appropriately (sometimes with senior assistance as needed);


Monitor service quality & escalate issues as necessary;


Participate in relevant senior governance forums, as a core member, alongside other senior stakeholders within Information Security and Technology;


Identify information security issues & risks for ongoing management in the wider Information Security teams; from time to time participate in the Information Risk Management Board meetings as necessary;


Improve the customer experience, through process improvement and organised communication;


Obtain regular customer feedback to continue to drive the performance improvement of the services;



- Be responsible for building and maintaining strong relationships with key stakeholders, such as customer groups, Information Security leadership, CTO’s, Technology Engineering and Operations, business service owners and 3rd parties;


Feed into budget discussions and develop a clear forward plan for resourcing requirements;



- Provide opportunities and on-the-job training in the teams to develop the skills needed to meet the future needs of the service; monitor the need for off-the-job training and request as appropriate;



- Be accountable for ensuring service documentation, such as process guides, are maintained and kept up to date;



- Be accountable for lifecycle ownership of in-scope technology that supports the services within the Technical Security Operations team;



- Be responsible for providing reporting to leadership and other service stakeholders on service portfolio performance (against KPIs) and risk exposure (against KRIs);



- Be responsible for inputting to and reviewing information security policy and standards related to Vulnerability Management and Identity and Access Management;



- Be responsible for attending and supporting internal and external audits to represent the services within the Technical Security Operations team;



- Provide advice to senior leadership on ways to improve control mechanisms, identify, evaluate, and mitigate risks;


Work towards and achieve or extend professional certifications as part of personal development (as agreed with Performance Manager);


Share experiences with others to assist their learning and understanding.




Prior experience



The successful candidate should be able to demonstrate most of the following:


Ability to lead a team and work collaboratively


Ability to learn from difficult experiences and adapt accordingly


Experience of leadership of diverse and technical teams


Good understanding of technical security


Experience and knowledge with Identity and Access Management and vulnerability management, especially in the public cloud, such as AWS, Azure or Google Cloud


Experience of working with technology operations teams – both internal and outsourced.


Experience with managing senior stakeholders and developing trust with those stakeholders


A good knowledge of wider concepts of Information Security (which could be demonstrated through CISM/CISSP/CCSP certification or similar)


Be able to demonstrate the ability to adapt communication style to explain technical concepts to different people within an organisation whether advising stakeholders, directing teams or sharing experience;


Experience of successfully working in a fast paced, customer service environment, delivering high quality information security services whilst managing customer expectations; and


Ability to be calm in challenging situations, while navigating complex security problems to find a root cause and balanced outcome.



Job Segment: Operations Manager, Risk Management, Cyber Security, Operations, Security, Finance