Business Title: Manager, IT Risk Security Assessments - RemoteRequisition Number: 111733 - 3Function: Business Support ServicesArea of Interest:State: ARCity: BentonvilleDescription:Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.KPMG is currently seeking a Manager, Risk to join our Enterprise Security Services organization.Responsibilities:
Apply a thorough knowledge of risk, compliance, and information security to develop and execute a multi-disciplined IT and Security Risk Management implementation plan to enable leadership to make informed, risk-based decisions across disparate categories of risk such as stability, operations, cyber, information handling, physical security, and resiliency
Build and maintain trust-based relationships with peers and leaders; evaluate risk reduction and mitigation activities to continually drive towards risk reduction methodologies; analyze the impacts of key risks, define criteria to make risk tradeoffs, and make recommendations to leadership to minimize overall risk posture; defend KPMG security capabilities to external entities, as needed
Evaluate the changing operating landscape and determine its impacts on organizational risks, obligations, and external expectations; recommend changes to risk approach to ensure consistency with current IT and security best practices
Work with second and third lines of defense to ensure organizational risk measures and internal audits measure and evaluate the appropriate risk areas; perform all activities from start to end associated to a risk assessment/analysis, from risk identification, analysis, evaluation, and treatment
Communicate results of the risk assessment/analysis to all levels of leadership; create executive level presentations and dashboards to present on Key Risk Indicators (KRI)
Collaborate with risk owners to ensure that progress is being made and tracked with regards to longstanding risks and remediation tasks; ensure that new risks are appropriately assessed, documented, and addressed through remediation, if applicable
Qualifications:
Minimum five years of recent experience in IT risk and controls; prior experience of using ServiceNow and the Integrated Risk Management modules is a plus
Bachelor's degree from an accredited college/university; CRISC, CISM, CISA, or CISSP or equivalent level of experience preferred
Demonstrated understanding of disparate compliance frameworks and risk management principles, as well as experience making decisions to optimize overall operational risk; ability to analyze and synthesize technical data and convey it to non-technical audiences; understanding of key business objectives and how to balance business objectives against IT risks
Excellent verbal/written communication, problem solving, analytical and independent judgment skills to support an environment driven by customer service and teamwork; able to positively influence, mentor and be a credible source of knowledge to less experienced team members
Primary familiarity with the Five Lines of Defense model for managing risk; proficient in IT risk assessments, IT controls testing, evaluation of control evidence, identification of control deficiencies and facilitating the collaboration of remediation processes; highly skilled in risk documentation, including formalized risk registers, GRC frameworks and tools
Must be able to execute against strategic initiatives for team; creative thinker with capability to identify innovative business solutions; strong PowerPoint and executive presentation skills. US citizenship is required.
KPMG complies with all local/state regulations regarding displaying salary ranges. If required, the ranges displayed below or via the URL below are specifically for those potential hires who will work in the location(s) listed. Any offered salary is determined based on relevant factors such as applicant's skills, job responsibilities, prior relevant experience, certain degrees and certifications and market considerations. In addition, the firm is proud to offer a comprehensive, competitive benefits package, with options designed to help you make the best decisions for yourself, your family, and your lifestyle. Available benefits are based on eligibility. Our Total Rewards package includes a variety of medical and dental plans, vision coverage, disability and life insurance, 401(k) plans, and a robust suite of personal well-being benefits to support your mental health. Depending on job classification, standard work hours, and years of service, KPMG provides Personal Time Off per fiscal year. Additionally, each year the firm publishes a calendar of holidays to be observed during the year and provides two firmwide breaks each year where employees will not be required to use Personal Time Off; one is at year end and the other is around the July 4th holiday. Additional details about our benefits can be found towards the bottom of our KPMG US Careers site at 'Benefits & How We Work (https://www.kpmguscareers.com/why-kpmg/#benefits) '.Follow this link to obtain salary ranges by city outside of CA: https://www.kpmg.us/work-for-kpmg/pay-transparency.html/?id=4817924KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link ( https://assets.kpmg.com/content/dam/kpmg/us/pdf/2018/09/eeo.pdf) contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them.KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law. In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).GL: 4GF: 15310