Associate Director - Cyber Security Strategy & Governance

Job Description

You’ve got big plans. We have opportunities to match, and we’re committed to empowering you to become a better you, no matter what you do.

When you join KPMG, you’ll be one of over 207,000 professionals providing audit, tax, advisory and business enablement services across 153 countries.

With the support to do things differently, grow personally and professionally and bring your whole self to work, there’s no limit to the impact you can make. Let’s do this.

Overview of the Opportunity: 

A career within our Cybersecurity Services, will provide you with the opportunity to help our North American clients implement an effective cybersecurity function that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners, and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate, and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.  

What you will do:  

As an Associate Director within the Cybersecurity Strategy & Governance team, you’ll work as part of offshore delivery team, helping our clients solve their complex business issues from strategy to execution. Specific responsibilities include but are not limited to:

• Proactively assist in the management of several client projects simultaneously.
• Act as a liaison between the offshore delivery team in India, the onshore team, and clients.
• Demonstrate deep subject matter expertise and lead cyber threat and risk assessments and third-party risk assessments, while providing guidance to the team on industry leading practices.
• Lead and mentor the offshore delivery team, fostering a culture of collaboration, innovation, and continuous improvement.
• Understand and help solve our clients’ cybersecurity problems.
• Advising on digital and technical aspects of cyber security governance, frameworks, and operating models.
• Coaching and developing team members through sharing of experience and knowledge, as well as managing the performance and development of other team members.
• Work to innovate, build, and enhance how the KPMG Cyber team operates internally and for our clients.
• Establish effective working relationships directly with clients.
• Contribute to the development of your own and team’s technical acumen.
• Linking cyber security to other consultancy offerings on risk management, resilience, and IT transformation to provide holistic support to our clients.
• Continue to develop internal relationships and your KMPG brand.
• Experience in global delivery of projects, working across geographies to optimize delivery processes, ensuring efficiency and high-quality outcomes.

What you bring to the role:

• Proven experience of understanding and managing aspects of cyber risk, including the assessment, analysis and reporting of cyber risk in a business context through performing detailed cyber risk assessment and due diligence on third parties.
• Proven experience in defining and/or implementing security controls across multiple layers of the IT architecture stack.
• An understanding of cybersecurity controls and how they work together to achieve a defence in depth model.
• Interpreting and applying the requirements of appropriate standards (e.g. NIST, ISO, COBIT, ISF), policies, regulatory requirements, and threat/risk assessment in the definition of enterprise security strategy.
• Proven experience in leading multiple teams on multiple client projects.
• Designing and updating cybersecurity strategies, roadmaps, and target operating models.
• Understanding and applying risk management principles to effectively manage cyber risk.
• Implementing business resilience strategies to minimize the impact of a cyber incident.
• Technical designations such as CISSP, CISA, CRISC, CEH, CGEIT, ITIL, PCI QSA, CIPP/C, TOGAF, SABSA or CISM.
• Bachelor or master’s degree in Information Security, Computer Science, Engineering, Business or the equivalent experience.
• Experience in working in a consulting environment would be an asset.

Proficiency in:

• Development of cyber security strategies
• Performing security risk assessments
• Performing maturity assessments
• Development of security policies and procedures
• Implementation of information security management system
• Performing security awareness
• Performing security audits
• Understanding of technologies around following areas will be a plus- data security, OT security and cloud security

Responsibilities:

• Oversee program delivery
• Provide quality assurance
• Deliver client presentations
• Lead proposal development
• Develop and grow client relationships
• Adhere to the firm’s risk management guidelines
• Grow and lead practice
• Manage business operations
• Lead innovation and knowledge management for the team

Keys to your success:

• Solid mix of business and technical capabilities.
• Ability to develop and manage relationships, identify cyber security and resilience opportunities with clients and propose solutions that meet the clients’ needs.
• Strong project management skills with the ability to manage cyber security projects, meet deadlines and manage stakeholder expectations.
• Strong collaborative qualities when working in a global team and the ability to be develop as the subject matter expert in a given cybersecurity field.
• Clear, articulate, and confident written and verbal communication skills, including client reports and presentations, papers and articles.
• Strong networking skills and a broad professional network.
• Ability to interact with organizations at senior levels.