Director - KDN National IT Security Officer (NITSO)

KPMG Careers, Salt Lake City, UT, USA

Pay: 125.000 - 150.000

Job type: Full Time


KPMG is currently seeking a Director, KDN National IT Security Officer (NITSO) to join our KPMG Delivery Network organization.
Responsibilities:

Lead the Information Security Organization and oversee the direction, evolution, and budgeting of the information security program, ensuring alignment with Global information security priorities and strategy; act as the primary point of contact for the Global Information Security Group (GISG), GQRM – Global Digital Risk (GDR), and participate in regular Global meetings, forums, and NITSO induction sessions as required
Provide leadership insight and escalation on information security matters, promoting adherence to KPMG information protection policies and other relevant policies (e.g. the Global Quality & Risk Management Manual); ensure appropriate Information Security Incident Management planning, preparation, implementation, and communication across KDN
Establish and maintain strong relationships with NITSOs from KPMG network firm locations from which KDN delivery centers operate, and liaise with key stakeholders including Business Functions, Technology Groups, Legal, Privacy (Privacy Liaison), Physical Security, Human Resources, and the global insurance team to support the annual cyber insurance program and other global requirements
Oversee the information security risk assessment process, including tools and solutions used, and facilitate risk treatment; assess third-party risks (initial and ongoing) for suppliers and acquisitions, evaluate information security provisions for working with other member firms (e.g. IFDTAs and other regulatory provisions), and provide input into all information security-related escalations
Ensure the creation, maintenance, and reporting of information security metrics, and drive the regular (at least annual) review of all security policies and standards, including their implementation; ensure that changes to global information security policies and standards are communicated to relevant stakeholders and appropriately reflected in documented policies, processes, and procedures; ensure a senior sponsor is established for IPCR, that IPCR is carried out in a timely manner, and remediation activities are completed within agreed timelines
Advise the business on security requirements for new systems and technologies, including review of technology projects and approval of significant changes to technology environments (e.g. communication tools, VDI, remote access including VPN, external-facing solutions, installation of software on operational systems, and privileged utility programs); work closely with technology teams to ensure consistent implementation and review of security controls across the organization, contribute to the documentation and coordination of ISO 27001 processes (where applicable), and ensure that all KDN personnel receive information protection and data privacy training, as applicable
Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment
Qualifications:

Minimum ten years of recent experience in information security and risk management, with industry-standard accreditations or certifications (e.g. CISSP, CISM, ISO 27001), and solid understanding of relevant information security frameworks and attestations (e.g. ISO 27001, NIST, SOC 2, SoQM)
Bachelor's degree from an accredited college or university preferred or ten years relevant work experience in a professional services/risk environment
Strong knowledge of current data privacy regulations, including GDPR, and demonstrated understanding and experience with secure software development practices, including Secure SDLC, DevSecOps, and/or security automation.
Proven ability to understand and clearly communicate the business impact of information security operations on the organization, balancing security requirements with business needs and operational constraints, and providing pragmatic, risk-based recommendations
Strong strategic thinking and decision-making skills, with advanced problem-solving and analytical capabilities, including the ability to assess complex security issues, interpret risk, and propose effective mitigation strategies
Demonstrated project and program management capabilities, including planning, prioritizing, and delivering multiple security initiatives in parallel, coordinating across stakeholders and functions, and monitoring progress against objectives
High level of resilience and ability to perform under pressure, particularly when managing security incidents or time‑critical issues, with strong communication and stakeholder management skills to ensure effective coordination and escalation when required
Applicants must be authorized to work in the U.S. without the need for employment‑based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H‑1B, L‑1, TN, O‑1, E‑3, H‑1B1, F‑1, J‑1, OPT, CPT or any other employment‑based visa)
California Salary Range: $171000 - $311000
KPMG offers a comprehensive compensation and benefits package.
Pay Transparency: https://kpmg.com/us/en/how-we-work/pay-transparency.html/?id=5302_9_26
KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state and local laws. The attached link contains further information regarding KPMG's compliance with federal, state and local recruitment and hiring laws.
