Head of Compliance ITS Global KPMG in Canada - Toronto

Job Description

Head ITS Global Compliance


Do you want to be part of a dynamic team? You can make an impact by joining KPMG.

The Global Information Technology Services Group (ITS Global) is an organization within KPMG International that delivers technology services including applications, infrastructure and operational support, to KPMG member firms worldwide.
Helping KPMG take advantage of, and navigate through, the ever-changing technology landscape requires a multi-disciplinary team of individuals with a full spectrum of skills ranging from the highly technical to the business of IT. Each of our people is a specialist in their area of focus, but what makes us strong is how we work together to support KPMG member firms globally in solving real business challenges.
Our workplace and the diversity of our team provide a great learning environment – a place where no matter what your expertise, you have the opportunity to develop new skills and grow within a dynamic organization.


THE OPPORTUNITY:

The Head of Compliance ITS Compliance will be working directly for and in conjunction with the Partner in Charge (PIC) and Global Information Security Officer (GISO).

As a Head of Compliance will be responsible for:

• Manage the global risk assessment and compliance efforts for KPMG worldwide in regards to Information Risk and Security.
• Plan and manage the budget of associated assessment and compliance activities and initiatives, representing approximately 40% of the total of the ITS Global – Information Risk and Security Office (IRSO) project budget.
• Manage 1-5 employees of Manager-Senior Manager level within the IRSO organization and contracted resources where activities and tasks are outsourced.

Manage the IT Compliance Program within KPMG International:

• Budget and plan the IT Compliance program and its components;
• Reviews of KPMG entities
• Reviews of contracted Third Parties
• Reviews of Services (Systems and Applications)
• Special reviews upon request as a result of e.g. an incident or client inquiry
• Manage the execution of the program:
• Train and educate reviewers/auditors
• Supervise conduct of reviews
• Oversee and review deliverables to ensure consistency and quality
• Execute reviews and assessments:
• Conduct reviews where seniority and/or in-depth knowledge or experience is required
• Report on the Compliance Program to:
• IRSO PIC and GISO
• Global CIO and ITSG COO

Manage the Internal IT Audit function relating to ISO27001 certification:

• Budget, Plan and Conduct the internal audits of KPMG global infrastructure elements subject to ISO27001 certification;
• Establish and maintain the audit program to maintain an ISO certification and achieve continuous improvements
• Support the ISO27001 Lead Implementer throughout the implementation process to ensure requirements and audit criteria are met

Oversee and where appropriate review risk treatment activities:
• Review and determine that non-compliance items are appropriately analyzed and risks communicated to ensure effective and accurate risk treatment planning
• Review and determine that actions taken are appropriate and adequate e.g. through root cause analysis

Coordinate and drive compliance activities:

• On an operational level coordinate and support efforts e.g. with Global Quality & Risk Management (GQ&RM), Department of Practice Protection (DPP) and Legal Counsel.

Administration & Oversight:

• Oversee / manage IRSO resources, identify new strategic directions and set new priorities.
• Act as Performance Manager to IRSO resources
• Serve as a permanent member of the IRSO management group


THE LIFE:

• KPMG offers a variety of comprehensive benefit packages in order to meet the diverse needs of our members – at varying stages of their lives.
• The Firm provides various “People Matters” programs including personal care time, fitness reimbursement, concierge service, and backup care for family members to help firm members improve the balance in their lives and enhance their knowledge or skills.
• Eligible firm members receive an annual bonus, based on firm, team, and individual success.
• As a Firm, we are committed to the individual growth of our members and provide support through semi-annual performance reviews.

Desired Skills & Experience

THE SKILLS & BEHAVIOURS:

A successful candidate will possess the following skills and behaviours:

• 10+ years of diverse experience within Information Security
• Post secondary education in a related field
• 8+ years of management experience required
• Extensive experience in developing and managing security and compliance programs.
• Extensive experience in conducting security reviews, risk assessments and compliance audits in a multinational environment.
• A solid understanding of KPMG’s business model and the professional services provided by KPMG.
• Excellent leadership, organizational, coordination, presentation, interpersonal, and team building skills are essential to lead a team of senior Subject Matter Experts (SME’s)
• Excellent technical skills in information security and data protection
• Possesses excellent decision-making skills and professional judgment
• Strong business ethics and integrity
• Excellent written and oral communication skills for communicating with Partners and employees at all levels of the firm
• Ability to gain and maintain credibility with relevant stakeholders, including the Senior Leadership of KPMG member firms, KPMGI and Third Parties.
• Holds pertinent information security certifications such as: CISSP, CISA, CISM, CIPP
• Preferably accredited as ISO27001 Lead Auditor
• International experience would be an asset 

Apply Now - Resume or CV with Job Post Title
Email: jobs@aarenconsultants.in