KPMG

Information Security and Compliance Officer

  • Internship
  • SINGAPORE

Job description



The Information Security and Compliance Officer role sits within the Regional Delivery Centre (RDC) based in Singapore, which focuses on delivering key global services to member firms across the Asia Pacific region (ASPAC region) in the most cost-efficient and effective way. The primary function of this role is to maintain the regional level of security and information protection in line with KPMG policies and procedures, in support of KPMG business objectives.

 

In addition to this, the holder of this role is the first point of contact regarding security and information protection related matters for the Global CISO (Chief Information Security Officer), member firm security representatives, regional CIO, regional Quality & Risk Management where relevant and management of the supplier.

 

Job scope:

• Manage and coordinate information security and information protection activities for the RDC and liaise with information security and data privacy contacts across the ASPAC region and global resources for internal matters
• Recruit and retain the specialized talent needed to implement security operation activities and meet service level expectations from a security perspective
• Work collaboratively with the Global Information Risk and Security Office and the RDC leadership to ensure policies, standards and procedures are adhered to, best practices are being utilized and innovations are being shared
• Stay current with new technologies, platforms and methodologies; identify emerging technologies to be introduced within the ASPAC region to ensure that RDC capabilities respond to the needs of the region’s growth and product / services diversifications
• Support ASPAC member firms in implementing KPMG standards and guidelines and in staying compliant
• Assist internal IT audit and provide evidence for security, compliance and maturity on a regional level
• Undertake security and risk assessments for new IT services, applications or solutions and generate an assessment report containing risk factors along with corresponding mitigation controls or remediation measures
• Advise project teams or stakeholders in the region on IT risks and recommended controls, practices and design to mitigate the risks, including meeting compliance requirements
• Support the business integration of new acquisitions from an information risk and security perspective
• Collaborate with business stakeholders in the region to identify information risk and security concerns and requirements
• Facilitate & promote activities for information security awareness within the organization
• Management role within the RDC where the individual provides project review on security risk management and information protection matters

 

Requirements:

 

• 8 to 10 years’ experience working in a professional service industry and 4 years or more of experience in a similar role. Significant ongoing involvement in information security industry / professional organizations or comparable programs so as to demonstrate current risk and security expertise and trend awareness.
• Demonstrated experience mentoring, coaching and strategically developing team members
• Capable of strategic thinking and of moving strategic plans into action
• Experience in implementing an information risk and security program in line with business needs while balancing risk mitigation, cost effectiveness and usability. Implementation of the globally existing information risk and security management approach
• Experience in successfully managing risk and security management projects
• Excellent communication skills – both oral & written including presentation and report writing skills, analytical and problem-solving capabilities
• Ability to establish a well-balanced risk approach to support business initiatives in the region
• Understanding of ITIL and ISO 27001 control objectives
• Broad understanding of IT Service Delivery processes, risk assessment and risk mitigation
• Professional security certification such as CISA, CISM, CRISC or CISSP (Added advantage)
• Familiarity with Cloud technology is an added advantage

Only shortlisted candidates will be contacted by the KPMG Talent Acquisition team.
