We are looking for a colleague to join our security team, someone who sees supporting KPMG in the field of security as a challenge. In the position of business security analyst, you will be responsible for the correct programming and execution of the information security measures that stem from KPMG’s security policies and ISO 27001/SOC 2 compliance mandates.
As business security analyst, you coordinate the implementation of security measures needed to effectively implement the security policies within the operational teams. You liaise with the teams to ensure that security controls are implemented, and you evaluate processes to guarantee that the policies have been implemented correctly and that security controls are operating effectively, maintaining all the audit trails as per the defined security framework.
To execute these tasks, you cooperate closely with the service delivery managers and various team specialists in the operational department, but also with functions such as NITSO (Information Security Offices), the Security Manager and PMO (Project Management Office), to ensure that the measures to be taken and controls to be introduced are actually implemented in our working methods and in the configurations of the various objects. The business security analyst’s main task is to ensure that information systems are implemented and used in line with EMA RDC’s security requirements.
In your position, you support the line management organization with solicited and unsolicited advice with regard to security compliance, liaising with the operational team and coordinating any queries or needs the operational team has in maintaining security compliance.
Responsibilities and tasks
- Ensure compliance with all KPMG Information Security policies, standards and guidelines, regulatory compliance and audit compliance, and promote security education and awareness.
- Participates in project development of EMA RDC systems and applications, ensuring that security controls are factored in and are effective.
- Ensures Information Security documentation is properly stored, refreshed, inventoried and approved.
- Collaborates with data and process owners to track the action plan for the identified gaps in Information Security processes, systems, and applications. Maintains the action plan register and tracks progress, escalating when necessary.
- Ensures information management processes are in compliance with KPMG security policies, standards and guidelines.
- Performs defined security checks at set intervals, maintaining audit trails, and liaises with the operational department when non-conformities arise, tracking their timely resolution.
- Coordinates the execution of audit plans and corrective actions where necessary.
- Works with process owners to prepare audit responses and respond to audit queries.
- Maintains the vulnerability management by performing analysis on corrective actions needed following vulnerability scans and penetration tests and coordinating their effective implementation by the operational team until their resolution.
- Supervise, coordinate and evaluate the realization of the KPMG information security policies.
- Assist the EMA RDC Head of RAS and EMA RDC NITSO and Information Security Manager in performing periodic ISO control audit assessment reviews with key suppliers.
- Develop adequate management and reporting methodologies aligned to internal processes and control frameworks, and regularly report to KPMG senior management representatives on performance and risk indicators for EMA RDC security posture.
Members of the EMA RDC need a core set of competencies enabling them to work effectively with the various ITS and business communities within the regions and the member firms. Key individual contributor competencies:
- Build Credibility and Trust – Adhere to KPMG values and high ethical standards of behavior by demonstrating respect, honesty, consistency and fairness when interacting with colleagues, customers, business partners and other stakeholders
- Collaborate with Others – Work effectively with others within and across EMA RDC businesses, as well as with external stakeholders such as KPMG member firms, establishing and maintaining productive working relationships
- Deliver Results – Tenaciously work to meet or exceed expectations by keeping self and others focused on achieving critical goals
- Analyze Problems & Make Decisions – Commit to a course of action after identifying and assessing alternatives based on logical assumptions, facts, resources, constraints and organizational values
- Apply Functional Knowledge – Obtain and leverage an appropriate level of professional skill or knowledge and keep up with current developments and trends in area of expertise.
- 3+ years’ experience working with IT or Information Security, legal, audit, compliance
- Excellent stakeholder management and communication skills.
- Strong analytical, evaluative and problem-solving abilities.
- Strong teamwork skills.
- Good understanding of security policies, procedures and technologies, including ISO 27001 series.
- Good understanding of compliance management and ISO 27001 accreditation proceedings and mandates.
- Experience using communication tools like Microsoft Office which are utilized extensively in the region working as part of a virtual team.
- Maturity in personal skills
- Pragmatic attitude and flexible to changing priorities and demands.
- Strong interpersonal, verbal, written, analytical, problem-solving, and conceptual skills.
- Qualifications such as CISM, CISA, if not already achieved, are to be actively progressed as part of a continuous career development plan.
We believe that progress can only truly be progress if its cause benefits both the individual and society as a whole. Therefore, we combine the newest technologies with what we have accomplished in the century we have existed: a foundation of knowledge, expertise and independent thinking.
Open, creative and venturous
We offer a stimulating mix of entrepreneurship, creativity and team spirit. You can be yourself, you feel validated and appreciated and you know that you can make a difference if you want to.
The ultimate environment for personal growth
Here at KPMG, you will be given plenty of responsibilities from the start, combined with the freedom to develop yourself, both personally and in business. We are not only offering you a job: we are offering you a career.
Additionally, we are offering you:
- A competitive salary
- 30 holidays
- Freedom of choice in (most of) your work
- A laptop and iPhone which can also be used privately
- A non-contributory pension plan
- A lease car
- Discounts on insurances and tax benefits for a gym membership
- Lots of activities involving fellow KPMG colleagues, such as Friday afternoon drinks,
More information and how to apply
Please apply via the button below. For questions, please contact the dedicated Recruitment Advisor, Maud van Turnhout at firstname.lastname@example.org.