KDN National Information Technology Security Officer

The KDN National Information Technology Security Officer leads the Information Security Organisation and the evolution of the security program, ensuring alignment with global information security priorities, KPMG policies, and regulatory requirements while engaging senior leadership and key stakeholders. The KDN NITSO acts as the primary liaison with global security and risk functions, oversees information security and third-party risk management, and ensures consistent implementation and regular review of security controls, policies, training, and incident management across KDN.

How will you make your mark?

• Lead the Information Security Organisation, including the direction and evolution of the information security program, working with leadership to budget and plan the security function accordingly and ensure alignment with Global information security priorities and strategy.
• Provide leadership insight into information security matters and escalation and promote adherence to KPMG information protection policies and other relevant policies (for example those outlined in the Global Quality & Risk Management Manual).
• Act as the point of contact for the Global Information Security Group (GISG) and GQRM - Global Digital Risk (GDR).
• Participate in regular Global meetings and other relevant forums. Newly appointed NITSOs should participate in NITSO induction sessions arranged as required by Global Information Security Group (GISG).
• Establish and maintain relationships with NITSOs from network firm locations from which KDN delivery centers are located.
• Create, maintain and report on information security metrics.
• Liaise with relevant stakeholders including Business Functions, Technology Groups, Legal, Privacy (Privacy Liaison (PL), Physical Security, Human Resources (HR).
• Responds to requests by the global insurance team to ensure timely submission of information for the annual cyber insurance program.
• Evaluates the information security provisions for working with other member firms, to ensure compliance with the IFDTAs and other regulatory provisions.
• Oversee the information security risk assessment process, tools and solutions used and facilitate risk treatment.
• Provide input into all information security related escalations.
• Accountable for assessing third-party risks, including the initial and ongoing risk assessment of suppliers and their compliance with contractual terms, involvement in the risk assessment during an acquisition.
• Ensure regular (at least annual) review of all security policies and standards, including their implementation.
• Ensure that all relevant stakeholders are notified of the changes to global information security policies and standards, and that changes are appropriately reflected within documented policies, processes, and procedures.
• Ensures that a senior sponsor has been established for the IPCR and the IPCR is carried out in a timely manner. Furthermore, remediation activities must be carried out within the agreed timelines.
• Contribute to the documentation and coordination of ISO 27001 processes (where applicable)
• Advises the business on security requirements of new systems & technologies, including involvement and review of technology projects, approval of significant changes to technology environments, approval of communication tools, virtual desktop infrastructure (VDI), remote access incl. VPN, external facing solutions, the installation of software on operational systems, and authorization of privileged utility programs.
• Work closely with the technology teams to ensure that relevant security controls are implemented consistently across all parts of the organisation and reviews are carried out appropriately.
• Ensure appropriate Information Security Incident Management planning, preparation, implementation and communication.
• Ensure that all KDN personnel receive information protection and data privacy training, as applicable.

Extensive and proven experience within information security and risk management

• Hold industry standard accreditation or certifications. (i.e., CISSP, CISM, ISO 27001)
• Be familiar with current data privacy regulations, including GDPR.
• Have understanding and experience with Secure SDLC and DevSecOps or security automation.
• Be capable of understanding and communicating the business impact that infosec operations have on the organisation.
• Understand the requirements of relevant information security frameworks and attestations including for example ISO 27001, NIST, SOC2, SoQM
• Strong strategic thinking and decision-making skills, with the ability to prioritise and balance security, business needs, and operational constraints.
• Advanced problem-solving and analytical skills, including the ability to assess complex security issues and propose pragmatic, risk-based solutions.
• Proven project and program management capabilities, including planning, prioritisation, and delivery of multiple security initiatives in parallel.
• High level of resilience and the ability to perform under pressure, particularly when managing security incidents or time-critical issues.

The world of global advisory, audit and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology. The KPMG Delivery Network (KDN) is a is a a global organisation that supports KPMG member firms in delivering global priority solutions to their clients across a number of different industries. KDN helps to enable growth, improve economies of scale, and discover new ways of collaboration and working. You'll be a part of the KPMG family working alongside some of our profession's most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to KPMG's clients, and driving positive change in the communities we serve. You'll be assisting KDN to accelerate new ways of working, using cutting-edge technology and working together with our member firms located in nearly 150 countries to help us achieve our ambition to be the most trusted and trustworthy professional services firm.