Apply on Employer Site

KPMG US · 1 week ago

Lead Specialist, Third Party Risk Management

San Francisco, CA

Full-time

Hybrid

Mid, Senior Level

$108K/yr - $231K/yr

5+ years exp

KPMG is a leading professional services firm currently seeking a Lead Specialist in Third Party Risk Management to join their Managed Services practice. This role involves performing vendor security assessments, drafting reports, managing client engagements, and maintaining collaborative relationships with clients and internal teams.

Financial Services

No H1B

Responsibilities

Interact with onshore engagements and clients directly performing vendor or third-party security assessments, and perform remote assessments independently

Independently draft reports of the assessments based on the discussions during remote reviews, and perform second level quality review of the reports written by peers/junior resources

Conduct business continuity planning and disaster recovery implementation and review experience

Build and maintain strong, collaborative relationships with clients and internal teams, and support the current team with the execution and management of engagements in our current and future Client portfolio

Lead and manage client engagements with a focus on delivering high-quality service in a managed services context

Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment

Qualification

Information Security GovernanceRisk AssessmentsCISA/CISSP/CISM/CIPPISO 27001NIST 800-53PCI-DSSClient Interaction SkillsBusiness Continuity PlanningDisaster RecoveryVerbalWritten EnglishCollaboration Skills

Required

Minimum five years of recent information security governance, privacy and compliance and security assessment experience, with a focus on IT and IS Risk Assessments and program reviews / establishment; prior consulting experience with big 4 or large clientele is preferable, and CISA/ CISSP/ CISM/ CIPP/ ISO 27001 is preferable

Minimum of a Bachelor's degree in information security, computer science, engineering, technology or a similar degree is required

Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment; Security policy; Organization of Information Security; Asset Management; HR Security; Physical and Environmental Security; Communications and Operations Management; Access Control; IS Acquisition, Development and Maintenance; IS Incident Management; Business Continuity Management; and Compliance

Information Security Governance, Privacy and Compliance and Security Assessment experience with a focus on IT and IS Risk Assessments and program reviews / establishment, and understanding on ISO 27001/ NIST 800-53/ PCI-DSS

Broad understanding of Information Security trends, services and disciplines, and experience applying them in dynamic environments

Strong client interaction skills, both written and verbal, and highly fluent in English- both verbal and written

Ability to travel as required

Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)

Preferred

Master's degree from an accredited college or university in information security, computer science, engineering, technology or a similar degree is preferred