Global Information Security & Risk Management Director

KPMG created KDN to provide large-scale cross-functional capabilities and technology through a network of global delivery centers. KDN encourages global consistency and provides services and tools across Tax and Legal Services Audit and Advisory at a consistently high quality and at a competitive price point. It includes a multi-tiered global sales and delivery support network that transforms how KPMG firms and people work together. Our extensive network of dedicated KDN professionals has the depth and breadth of knowledge necessary to play a key role in the future of global productivity tools.

What we offer*:

• 2 days home office opportunity and flexible working hours

• Private health care coverage including dental services (Medicare)

• Eyeglasses compensation

• Collective life and accident insurance

• Wide range of Cafeteria elements (such as SZÉP Card MOL Bubi MOL Limo)

• Annual bonus may be awarded based on your and the Firms performance

• Company car/car allowance

• iPhone14 with subscription

• Referral bonus

• Internal coaching opportunity

• Sports opportunities and All You Can Move sportpass availability

• Compensation for long-distance commutes (for those who commute to work from outside the city limits)

• Relocation support for foreign candidates

• 3 paid days for volunteering and CSR activities

• In-depth professional training from beginner to advanced level

Key Responsibilities

• Lead the Information Security Organization including the direction and evolution of the information security program working with leadership to budget and plan the security function accordingly and ensure alignment with Global information security priorities and strategy.

• Provide leadership insight into information security matters and escalation and promote adherence to KPMG information protection policies and other relevant policies (for example those outlined in the Global Quality & Risk Management Manual).

• Act as the point of contact for the Global Information Security Group (GISG) and GQRM Global Digital Risk (GDR).

• Participate in regular Global meetings and other relevant forums. Newly appointed NITSOs should participate in NITSO induction sessions arranged as required by Global Information Security Group (GISG).

• Establish and maintain relationships with NITSOs from network firm locations from which KDN delivery centers are located.

• Create maintain and report on information security metrics.

• Liaise with relevant stakeholders including Business Functions Technology Groups Legal Privacy (Privacy Liaison (PL) Physical Security Human Resources (HR).

• Responds to requests by the global insurance team to ensure timely submission of information for the annual cyber insurance program.

• Evaluates the information security provisions for working with other member firms to ensure compliance with the IFDTAs and other regulatory provisions.

• Oversee the information security risk assessment process tools and solutions used and facilitate risk treatment.

• Provide input into all information security related escalations.

• Accountable for assessing third-party risks including the initial and ongoing risk assessment of suppliers and their compliance with contractual terms involvement in the risk assessment during an acquisition.

• Ensure regular (at least annual) review of all security policies and standards including their implementation.

• Ensure that all relevant stakeholders are notified of the changes to global information security policies and standards and that changes are appropriately reflected within documented policies processes and procedures.

• Ensures that a senior sponsor has been established for the IPCR and the IPCR is carried out in a timely manner. Furthermore remediation activities must be carried out within the agreed timelines.

• Contribute to the documentation and coordination of ISO 27001 processes (where applicable)

• Advises the business on security requirements of new systems & technologies including involvement and review of technology projects approval of significant changes to technology environments approval of communication tools virtual desktop infrastructure (VDI) remote access incl. VPN external facing solutions the installation of software on operational systems and authorization of privileged utility programs.

• Work closely with the technology teams to ensure that relevant security controls are implemented consistently across all parts of the organization and reviews are carried out appropriately.

• Ensure appropriate Information Security Incident Management planning preparation implementation and communication.

• Ensure that all KDN personnel receive information protection and data privacy training as applicable.
  

Requirements

• 10 years experience in information security and risk management.

• Hold industry standard accreditation or certifications. (i.e. CISSP CISM ISO 27001)

• Demonstrated global exposure ideally working with crossborder teams stakeholders and regulatory environments.

• Be familiar with current data privacy regulations including GDPR.

• Have understanding and experience with Secure SDLC and DevSecOps or security automation.

• Be capable of understanding and communicating the business impact that infosec operations have on the organization.

• Understand the requirements of relevant information security frameworks and attestations including for example ISO 27001 NIST SOC2 SoQM.

• Experience with people management is required.

• Strong strategic thinking and decisionmaking skills with the ability to prioritize and balance security business needs and operational constraints.

• Advanced problemsolving and analytical skills including the ability to assess complex security issues and propose pragmatic riskbased solutions.

• Proven project and program management capabilities including planning prioritization and delivery of multiple security initiatives in parallel.

• High level of resilience and the ability to perform under pressure particularly when managing security incidents or timecritical issues.

*Elements should be in line with company guidelines and policies.