Senior Associate, Technology Risk
KPMG
KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory.
KPMG is currently seeking a Senior Associate, Technology Risk (Cyber) to join our Advisory Services practice.
- Design, coordinate, and oversee the day-to-day activities related to client engagements in areas such as information technology (IT) strategy and transformation programs, agile software development/DevOps, business continuity and disaster recovery, cybersecurity, collaboration with cloud providers and other third parties which includes, data management/governance, emerging technology such as AI, automation (robotics, cognitive, and more), and projects, General IT controls (GITCs) and application controls testing, and regulatory/compliance requirements such as Sarbanes-Oxley (SOX), FedRAMP, and Payment Card Industry (PCI)
- Review clients' IT traditional and agile processes as well as tools for security, resiliency, and DevOps controls against leading practice, industry, or client frameworks; assess capability maturity, identify gaps in design and execution of the controls, and communicate issues as well as recommendations to senior management
- Work with client senior management to design and implement new IT risk and control frameworks, sustainable solutions (including applying knowledge of governance, risk, and security tools), operating processes, and people models to address key and evolving risks, as necessary
- Complete comprehensive executive summaries and final reports to senior management; review and document workpapers per KPMG standards; lead walkthroughs of client processes and controls
- Demonstrate and apply strong project management skills; inspire teamwork and responsibility among global team members, and ensure effective collaboration across all levels of engagement
- Utilize innovative tools like analytics and AI to enhance deliverables, ensuring cutting-edge solutions; work independently, and maintain a proactive mindset, as well as drive initiatives autonomously
- Minimum three years of recent experience working within IT risk (first line or second line of defense), cybersecurity, internal audit, or IT compliance function as an internal employee; similar role as part of a professional services firm
- Bachelor's degree from an accredited college/university in an appropriate field; Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or similar certifications preferred; Master's degree from an accredited college/university preferred; one or more enterprise technology vendor certifications from IBM, Oracle, Microsoft, Google, AWS, ServiceNow, GitHub, Artifactory, Atlassian, or GitLab preferred
- Prior knowledge and experience in leading as well as executing IT risk consulting, IT process re-engineering, IT audit, and IT internal controls engagements, leveraging IT governance and control frameworks such as: Control Objectives for Information and Related Technologies (COBIT), NIST Cybersecurity framework (CSF), NIST 800-53, IIA GTAG, Cloud Security Alliance, Capability Maturity Model Integration (CMMI), Information Technology Infrastructure Library (ITIL), TISAX, and ISO 27001
- Experience with IT risk management operating models, three lines-of-defense frameworks, integrated risk management practices, third party risk management (TPRM) and/or risk intelligence capabilities
- Preference for candidates with industry experience in products related to automotive, industrial manufacturing, and energy sectors, showcasing a broad understanding of the unique challenges and compliance standards in these industries
- Strong leadership and executive communication skills, technical knowledge, and the ability to write at a publication-quality level to communicate findings and recommendations to clients and senior management teams; proficiency in Microsoft Office Suite and experience with tracking and managing project budgets are essential
- Willingness and ability to travel; must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)
https://kpmg.com/us/en/how-we-work/pay-transparency.html/?id=M105_4_25
KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.
KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law. In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).
KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them.
Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.