Lead Specialist, Third Party Risk Management

Lead Specialist, Third Party Risk Management

KPMG is currently seeking a Lead Specialist, Third Party Risk Management to join our Managed Services practice.

• Interact with onshore engagements and clients directly performing vendor or third‑party security assessments, and perform remote assessments independently.
• Independently draft reports of the assessments based on the discussions during remote reviews, and perform second‑level quality review of the reports written by peers/junior resources.
• Conduct business continuity planning and disaster recovery implementation and review experience.
• Build and maintain strong, collaborative relationships with clients and internal teams, and support the current team with the execution and management of engagements in our current and future Client portfolio.
• Lead and manage client engagements with a focus on delivering high‑quality service in a managed services context.
• Act with integrity, professionalism, and personal responsibility to uphold KPMG’s respectful and courteous work environment.

• Minimum five years of recent information security governance, privacy and compliance and security assessment experience, with a focus on IT and IS Risk Assessments and program reviews / establishment; prior consulting experience with big 4 or large clientele is preferable, and CISA/ CISSP/ CISM/ CIPP/ ISO 27001 is preferable.
• Master’s degree from an accredited college or university in information security, computer science, engineering, technology or a similar degree is preferred; minimum of a Bachelor’s degree in information security, computer science, engineering, technology or a similar degree is required.
• Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment;
  Security policy;
  Organization of Information Security;
  Asset Management; HR Security;
  Physical and Environmental Security;
  Communications and Operations Management;
  Access Control; IS Acquisition, Development and Maintenance; IS Incident Management;
  Business Continuity Management; and Compliance.
• Information Security Governance, Privacy and Compliance and Security Assessment experience with a focus on IT and IS Risk Assessments and program reviews / establishment, and understanding on ISO 27001/ NIST 800-53/ PCI-DSS.
• Broad understanding of Information Security trends, services and disciplines, and experience applying them in dynamic environments.
• Strong client interaction skills, both written and verbal, and highly fluent in English – both verbal and written.
• Ability to travel as required.
• Applicants must be authorized to work in the U.S. without the need for employment‑based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H‑1B, L‑1, TN, O‑1, E‑3, H‑1B1, F‑1, J‑1, OPT, CPT or any other employment‑based visa).

KPMG offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state and local laws.

The attached link contains further information regarding KPMG’s compliance with federal, state and local recruitment and hiring laws.