Manager, Security Governance Risk and Compliance

Manager, Security Governance Risk And ComplianceKnown for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Seramount, Fair360 and others. If you're as passionate about your future as we are, join our team. KPMG is currently seeking a Manager, Security Governance Risk and Compliance to join our Enterprise Security Services organization. This is a remote work opportunity. Responsibilities include applying a thorough knowledge of risk, compliance and information security to develop and execute a multi-disciplined IT and Security Risk Management implementation plan, with the ability to enable leadership to make informed, risk-based decisions across disparate categories of risk, e.g., stability, operations, cyber, information handling, physical security, resiliency. Build and maintain trust-based relationships with peers and leaders; evaluate risk reduction and mitigation activities to continually drive towards risk reduction methodologies. Analyze the impacts of key risks, define criteria to make risk tradeoffs and make recommendations to leadership to minimize overall risk posture; defend KPMG security capabilities to external entities, as needed. Evaluate the changing operating landscape and determine its impacts on organizational risks, obligations and external expectations; recommend changes to risk approach to ensure consistency with current IT and security best practices. Work with second and third lines of defense to ensure organizational risk measures and internal audits measure and evaluate the appropriate risk areas. May oversee work product(s) and lead entire small to medium size projects, managing deadlines, expectations and often contributing to staffing decisions and supervising the work performed by more junior staff; provide coaching, mentoring and feedback to such individuals and may also serve as a formal performance manager of a team of junior employees.Qualifications include minimum five years of recent risk and compliance experience within a large professional services environment specializing in physical and cyber security. Bachelor's degree from an accredited college or university is preferred; relevant industry certifications, e.g. CISA, CISM, CISSP, ISO 27001/42001 Lead Auditor are preferred. Demonstrated understanding of disparate compliance frameworks and risk management principles, as well as experience making decisions to optimize overall operational risk. Ability to analyze and synthesize technical data and convey it to non-technical audiences; understanding of key business objectives and how to balance business objectives against IT risks. Experience with ISO 27001 (Information Security and Privacy) and/or ISO 42001 (Artificial Intelligence) evaluation of control, mitigating controls, identification of control deficiencies and facilitation of remediation processes collaboration are preferred. Strong verbal/written communication, problem solving, analytical and independent judgment skills to support an environment driven by customer service and teamwork; ability to positively influence, mentor and be a credible source of knowledge to less experienced team members. Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1).