Vacancy description

KPMG Luxembourg is looking for forward-thinking and passionate people to make a difference to our Clients, People and Communities. We are looking for an Information Security GRC expert to join our IT Security team.

In this role, you will manage the Information Security Risk and Compliance program, working with cross-functional teams and interfacing with third parties to support compliance and risk management activities.

Upon joining the team you will be in charge of the following responsibilities:

Compliance and Risk Management Leadership

  • Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk;
  • Coordinate the treatment of non-conformity with, and exceptions to, the Information Security Policy, norms and laws (ISO27001, GDPR);
  • Address technical policy, compliance and regulatory issues;
  • Provide efficient contract reviews;
  • Contribute to the Firm’s RFP submission processes in the Security related sections of those processes;
  • Stay abreast of regulatory and norm changes affecting KPMG Business and Information Security (in particular ISO27000 series and GDPR).

Governance and Project Leadership

  • Develop a risk decision framework to help understand critical areas;
  • Work with the Information Security Officer, NITSO and QRMP to build cohesive security and compliance programs.

Risk Management

  • Establish Risk Management Framework Processes and Tools;
  • Coordinate and perform the assessment and analysis of information security risks and monitor compliance with security standards and appropriate policies.

We are looking for a candidate with the following qualifications and skills:

  • Master level or equivalent in IT – specialty in Information Security;
  • At least 6 years of experience with information security concepts and practices, with at least 2 years in Compliance and/or Information Security Risk Management;
  • Experience implementing ISMS frameworks in relation to ISO 27001;
  • Experience with Information Security Risk Management Framework (ISO27005) and Tools;
  • Knowledge of IT Domain (Infrastructure, software development and Data protection);
  • ISO27001 Lead Implementer, ISO27005 Risk manager certification;
  • Project management skills;
  • CISSP, CISM or similar certifications could be an important asset;
  • Fluency in English is required; knowledge of French or German would be an asset.
Job description
Field of education:
Work experience:
Work experience is required
Duration of work experience:
More than 5 years
Language skills:
  • English: Fluent
  • French: Fair
  • German: Fair
Salary from/to:
Not provided
Date of expiry:

About the company

KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We have more than 200,000 outstanding professionals working together to deliver value in 154 countries worldwide. KPMG is a truly diverse global organization, and we encourage people to bring their whole selves to work. Because in diversity, we become more vibrant and better thinkers. Through our…