Lead Specialist, Third Party Risk Management

Lead Specialist, Third Party Risk Management

Join to apply for the Lead Specialist, Third Party Risk Management role at KPMG US
. KPMG Advisory practice is the fastest growing practice, and we are looking for professionals who thrive in a collaborative, team‑driven culture. Our people are our number one priority, and we provide extensive learning and career development opportunities along with world‑class training facilities and leading market tools to ensure continuous professional and personal growth.

• Interact with onshore engagements and clients directly performing vendor or third‑party security assessments, and perform remote assessments independently.
• Independently draft reports of the assessments based on the discussions during remote reviews, and perform second‑level quality review of the reports written by peers/junior resources.
• Conduct business continuity planning and disaster recovery implementation and review experience.
• Build and maintain strong, collaborative relationships with clients and internal teams, and support the current team with the execution and management of engagements in our current and future Client portfolio.
• Lead and manage client engagements with a focus on delivering high‑quality service in a managed services context.
• Act with integrity, professionalism, and personal responsibility to uphold KPMG’s respectful and courteous work environment.

• Minimum five years of recent information security governance, privacy and compliance and security assessment experience, with a focus on IT and IS Risk Assessments and program reviews/establishment; prior consulting experience with a Big 4 or large clientele is preferable, and CISA/CISSP/CISM/CIPP/ISO 27001 is preferable.
• Master’s degree from an accredited college or university in information security, computer science, engineering, technology or a similar degree is preferred; minimum of a Bachelor’s degree in information security, computer science, engineering, technology or a similar degree is required.
• Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005, BS 7799 standard domains, BS 25999 including Risk Assessment;
  Security policy;
  Organization of Information Security;
  Asset Management; HR Security;
  Physical and Environmental Security;
  Communications and Operations Management;
  Access Control; IS Acquisition, Development and Maintenance; IS Incident Management;
  Business Continuity Management; and Compliance.
• Information Security Governance, Privacy and Compliance and Security Assessment experience with a focus on IT and IS Risk Assessments and program reviews/establishment, and understanding on ISO 27001/NIST 800‑53/PCI‑DSS.
• Broad understanding of Information Security trends, services and disciplines, and experience applying them in dynamic environments.
• Strong client interaction skills, both written and verbal, and highly fluent in English—both verbal and written.
• Ability to travel as required.
• Applicants must be authorized to work in the U.S. without the need for employment‑based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity.

KPMG offers a comprehensive, competitive benefits package including medical, dental, vision, disability, life insurance, 401(k) plans, and a robust suite of personal well‑being benefits to support your mental health. Depending on job classification, standard work hours, and years of service, KPMG provides Personal Time Off per fiscal year. KPMG also publishes a calendar of holidays to be observed during the year.

KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable law.