To ensure protection of the KPMG Firm's Information, Information Systems, Information Processing and Information Processing Facilities while following the KPMG Information Security Policies, Processes, Technology Standards and Local Laws and Regulations, through the firm's own proactive initiatives and as directed by the National IT Security Officer (NITSO), KPMG Global Information Protection Group and KPMG Global CISO.
Major duties and responsibilities
• Information Security Policy Enforcement and Compliance:
• Initiate and execute local information security efforts.
• Manage and oversee all aspects of information risk and security within KPMG.
• Support the implementation of, and compliance with, KPMG's Information Security Policies, Security Standards (including requirements issued as part of special programs and initiatives) and specifications, together with any other applicable local policies.
• Coordinate with other functions of the business, including Physical Security, Legal, PPC or HR, ITS and the Privacy Liaison (PL).
• Client information security queries: Serve as the single point of contact for all client information security queries and requirements, and coordinate firm responses to client queries and questionnaires on information protection topics.
• Third Party Risk Management: Ensure that appropriate policies and controls are enforced upon third parties and/or subcontractors to the KPMG firm in order to protect the firm's infrastructure and data.
• New initiatives:
• Ensure that all local and cloud-based IT systems and initiatives are secure and meet published global security requirements, and ensure that they do not conflict with global IT direction/plans.
• Review information available on global systems (e.g. Security Assessment Reports and other applicable information made available by the Global Information Protection Group (IPG) or the application team).
• Assess the risks and ensure the risk treatment plan is deployed appropriately in the local environment.
• Execute the tasks introduced by the National IT Security Officer (NITSO).
• Implement new requirements and programs as directed by NITSO.
• Training and Awareness: Execute and support information security training that incorporates the key Global Acceptable Use Policy (GAUP) and other local policies, as directed by the Global Information Protection Group (IPG) and the National IT Security Officer (NITSO).
• Internal Audit: Manage the annual independent information protection Internal Audit (IA) of the firm following global guidance.
• Risk Mitigation: Track the timely closure of internal audit findings and of technical vulnerabilities identified during vulnerability scanning, penetration testing and application security testing, as well as those communicated by product vendors.
• Reporting and Communication: Report on security posture, security incidents, and non-compliance cases to NITSO and/or NITSO Delegate.
Senior Consultant - Information Security
Minimum of a Bachelor's or Master's degree in the field of Computer Science, Information Technology, Computer Engineering, Telecommunication Engineering, Information Security or a related field.
Certifications in the field of Information Security, Cyber Security or Data Privacy.
Work experience requirements:
Applicants should be able to demonstrate experience in the following components of this role:
Administration of IT security controls: minimum 2 years.
Experience in Policy and Process development
Experience in Design and Operating Effectiveness of Security Controls
2-5 years IT security or information security experience with a proven ability to engage with business teams and clients.
The applicants should have previous experience of dealing with risk management and information security issues.
Proven ability to build relationships and communicate with people at all levels including Partners
Minimum of 5 years' experience in a reputable multinational organization/Big 4, preferably another KPMG member firm, within Risk Management.
Prior experience working within a consulting service organization or regulatory agencies is preferred.
Knowledge and Awareness
Applicants should be able to demonstrate knowledge in the following areas:
Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
Knowledge of COBIT, ISO 27001, NESA IAS, PCI DSS, NIST, SANS, CIS Controls, OWASP, etc.
Knowledge of UAE and Oman Federal Laws and Regulations impacting Information Security, Confidentiality, Cross-Border Data Transfer, etc.