The Senior Manager frequently interacts with project sponsors, technology teams, vendors, global and member firms as required. The Senior Manager works closely with the Canadian CISO, Practice Protection, Privacy, Legal and Information Technology groups as well as KPMG’s global Information Protection Group. The Senior Manager has a good understanding of information security standards, architecture frameworks, security technologies, platforms, products and tools. The Senior Manager has previously managed solution architecture, solution delivery and security functions. The Senior Manager also understands the business environment and is able to articulate information security requirements within the overall business context.
What you will do
Assist the CISO in managing the overall information security program.
Ensure that technology platforms and solutions are engineered to meet security requirements.
Advise and work with key stakeholders to address any gaps.
Propose and develop multi-year plans to advance maturity of the firm’s security program.
Oversee adherence to the firm’s Canadian and global security requirements for products, services and platforms used by the client.
Support and counsel IT Architects, DevOps teams and solution architecture on topics related to information security.
Provide management reports and make presentations to business leaders as required.
Provide recommendations to improve overall security posture and compliance.
Maintain relationships with key stakeholders internally (within Canada, global and other major firms), partners and service providers necessary for effective maintenance of the security program.
Participate in and lead projects, as required, related to information security.
What you bring to this role
8-10 years of broad IT experience which includes security architecture, solution design, technology assessments, program management, security operations and technical leadership.
2-3 years of security experience specific to cloud environments, such as Azure and AWS.
Strong business acumen and ability to understand the business context.
A university degree in a related discipline.
CISSP or CISM certification is required. CISA and CRISC certifications are an asset.
Excellent understanding of security control frameworks such as ISO 27001, NIST 800-53 and CIS.
Keys to your success:
Strong strategic and operational knowledge of key security products, tools and technologies.
Excellent communication skills and ability to represent the CISO in interactions with partners and clients.
Excellent interpersonal, organizational and people management skills.