FreeHire

KPMG Ukraine

Cyber TPRM- Manager

Show

Position - TPRM Manager

11 to 13 years in Cyber and TPRM

  • Assist with Information Security Governance, Privacy, and Compliance tasks, including IT and IS risk assessments and program reviews.
  • Perform remote assessments as required and prepare corresponding documentation.
  • Review and analyze vendor questionnaires. Support quality assurance processes by assisting with the review of documentation and deliverables.
  • Support security assessments based on standards such as ISO 27001, NIST 800-53, and PCI-DSS.
  • Manage end-to-end third-party risk assessments for medium to high-risk vendors
  • Interacting with onshore engagements and clients directly performing Vendor or Third-party security assessments
  • Independently write reports of the assessments based on the discussions during remote reviews.
  • Support periodic reviews and continuous monitoring activities and identify gaps in vendor controls and document findings.
  • Follow up with vendors for remediation of identified risks and escalate unresolved or high-risk issues to senior stakeholders
  • Ensure vendors comply with internal policies and regulatory requirements.
  • Assist in audit activities (internal/external) by providing documentation and reports. Support adherence to frameworks such as GDPR, ISO 27001, SOC 2, etc.
  • Communicate vendor risk findings clearly to business stakeholders
  • Guide and mentor TPRM analysts, reviewing their work for quality and accuracy
  • Act as a primary point of contact for business units on third-party risk matters.
  • Perform second level quality review of the reports written by peers/junior resources.

Educational qualifications

Bachelor's degree from an accredited college/university or equivalent experience
Certifications such as ISO 27001 LA/ CISA/ CRISC/ CISSP etc.

Work experience

4+ years Information Security Governance, Privacy and Compliance and Security Assessment, experience, with a focus on IT and IS Risk Assessments and program reviews / establishment.
Prior consulting experience with big 4 or large clientele is preferable.
Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG
27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment; Security policy; Organization of Information Security; Asset Management; HR Security; Physical and Environmental Security; Communications and Operations Management; Access Control; IS Acquisition, Development and Maintenance; IS Incident Management; Business Continuity Management; and Compliance.
Effective skills in stakeholder management and reporting
Broad understanding of Information Security trends, services and disciplines and experience applying them in dynamic environments.

Mandatory technical & functional skills

Excellent Team player
Strong written and verbal communication skills; Highly Fluent in English – verbal and written
Ability to effectively document technical findings and produce clear reports.
Team-oriented approach with the capability to operate within a structured assessment process
Familiarity with control testing, risk identification, data collection, and documentation processes within security assessments.
Working knowledge of Information Security trends and best practices
Strong understanding of security controls in public cloud environments (i.e., Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform) and SaaS services hardening.
Awareness of frameworks such as: ISO 27001,NIST,SOC 2.
Exposure to GRC tools (ServiceNow, Archer, One Trust, etc.) – preferred but not mandatory
Strong Microsoft Excel skills (tracking, reporting)