Director - KDN National IT Security Officer (NITSO)

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Seramount, Fair360 and others. If you're as passionate about your future as we are, join our team.

KPMG is currently seeking a Director, KDN National IT Security Officer (NITSO) to join our KPMG Delivery Network organization.

• Lead the Information Security Organization and oversee the direction, evolution, and budgeting of the information security program, ensuring alignment with Global information security priorities and strategy; act as the primary point of contact for the Global Information Security Group (GISG), GQRM - Global Digital Risk (GDR), and participate in regular Global meetings, forums, and NITSO induction sessions as required
• Provide leadership insight and escalation on information security matters, promoting adherence to KPMG information protection policies and other relevant policies (e.g. the Global Quality & Risk Management Manual); ensure appropriate Information Security Incident Management planning, preparation, implementation, and communication across KDN
• Establish and maintain strong relationships with NITSOs from KPMG network firm locations from which KDN delivery centers operate, and liaise with key stakeholders including Business Functions, Technology Groups, Legal, Privacy (Privacy Liaison), Physical Security, Human Resources, and the global insurance team to support the annual cyber insurance program and other global requirements
• Oversee the information security risk assessment process, including tools and solutions used, and facilitate risk treatment; assess third-party risks (initial and ongoing) for suppliers and acquisitions, evaluate information security provisions for working with other member firms (e.g. IFDTAs and other regulatory provisions), and provide input into all information security-related escalations
• Ensure the creation, maintenance, and reporting of information security metrics, and drive the regular (at least annual) review of all security policies and standards, including their implementation; ensure that changes to global information security policies and standards are communicated to relevant stakeholders and appropriately reflected in documented policies, processes, and procedures; ensure a senior sponsor is established for IPCR, that IPCR is carried out in a timely manner, and remediation activities are completed within agreed timelines
• Advise the business on security requirements for new systems and technologies, including review of technology projects and approval of significant changes to technology environments (e.g. communication tools, VDI, remote access including VPN, external-facing solutions, installation of software on operational systems, and privileged utility programs); work closely with technology teams to ensure consistent implementation and review of security controls across the organization, contribute to the documentation and coordination of ISO 27001 processes (where applicable), and ensure that all KDN personnel receive information protection and data privacy training, as applicable
• Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment

• Minimum ten years of recent experience in information security and risk management, with industry-standard accreditations or certifications (e.g. CISSP, CISM, ISO 27001), and solid understanding of relevant information security frameworks and attestations (e.g. ISO 27001, NIST, SOC 2, SoQM)
• Bachelor's degree from an accredited college or university preferred or ten years relevant work experience in a professional services/risk environment
• Strong knowledge of current data privacy regulations, including GDPR, and demonstrated understanding and experience with secure software development practices, including Secure SDLC, DevSecOps, and/or security automation.
• Proven ability to understand and clearly communicate the business impact of information security operations on the organization, balancing security requirements with business needs and operational constraints, and providing pragmatic, risk-based recommendations
• Strong strategic thinking and decision-making skills, with advanced problem-solving and analytical capabilities, including the ability to assess complex security issues, interpret risk, and propose effective mitigation strategies
• Demonstrated project and program management capabilities, including planning, prioritizing, and delivering multiple security initiatives in parallel, coordinating across stakeholders and functions, and monitoring progress against objectives
• High level of resilience and ability to perform under pressure, particularly when managing security incidents or time-critical issues, with strong communication and stakeholder management skills to ensure effective coordination and escalation when required
• Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)