The Digital Risk GRC Expert is responsible for managing the Information Security Risk and Compliance program, working collaboratively with cross-functional teams and third parties to support compliance and risk management activities. This role focuses on developing and implementing security standards and frameworks to mitigate risks while ensuring adherence to regulatory requirements.
Roles and Responsibilities:
1. Compliance and Risk Management Leadership
•Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risks.
•Coordinate the treatment of non-conformities and exceptions to the Information Security Policy and to applicable standards and regulations (ISO 27001, GDPR).
•Address technical policy, compliance, and regulatory issues.
•Provide efficient contract reviews.
•Contribute to the Firm’s RFP submission processes in the Security-related sections.
•Stay abreast of regulatory and standards changes affecting KPMG's business and information security (in particular the ISO 27000 series and GDPR).
2. Governance and Project Leadership
•Develop a risk decision framework to help understand critical areas.
•Collaborate with the Information Security Officer, NITSO, and QRMP to build cohesive security and compliance programs.
3. Risk Management
•Establish Risk Management Framework Processes and Tools.
•Coordinate and perform the assessment and analysis of information security risks and monitor compliance with security standards and appropriate policies.
Qualifications: Graduate or post-graduate degree from a Tier 1/Tier 2 institute in Information Technology, with a specialization in Information Security.
Work experience
•5+ years of experience in information security concepts and practices, with a minimum of 2 years in Compliance and/or Information Security Risk Management.
Mandatory technical & functional skills:
•Experience implementing ISMS frameworks in relation to ISO 27001.
•Experience with an Information Security Risk Management Framework (ISO 27005) and supporting tools.
•Knowledge of IT domains (infrastructure, software development, and data protection).
•ISO 27001 Lead Implementer and ISO 27005 Risk Manager certifications.
•Project management skills.
•CISSP, CISM, or similar certifications are considered an asset.
Interpersonal Skills:
•Detail-oriented and results-driven.
•Strong writing and communication skills.
•Excellent organizational, multi-tasking, and time management abilities.
•Effective communication across all organizational levels in a diplomatic manner.
•Strong presentation, influencing, and negotiation skills.
•Ability to work independently as well as within a team.
•Business/client-oriented mindset.