KPMG SA

Information Security GRC Engineer

  • Bouy-Luxembourg (Aube)
  • Design / Civil engineering / Industrial engineering

Job description

In this role, you will manage the Information Security Risk and Compliance program. You will work with cross-functional teams and interface with third parties to support compliance and risk management activities.

Upon joining the team, you will be in charge of the following responsibilities:

Compliance and Risk Management Leadership

·  Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk;
·  Coordinate the treatment of non-conformity with, and exceptions to, the Information Security Policy, norms and laws (ISO27001, GDPR);
·  Address technical policy, compliance and regulatory issues;
·  Provide efficient contract reviews;
·  Contribute to the Firm's RFP submission processes in the security-related sections of those processes;
·  Stay abreast of regulatory and norm changes affecting KPMG business and information security (in particular the ISO27000 series and GDPR);

Governance and Project Leadership

·  Develop a risk decision framework to help understand critical areas;
·  Work with the Information Security Officer, NITSO and QRMP to build cohesive security and compliance programs.

Risk Management

·  Establish Risk Management Framework Processes and Tools;
·  Coordinate and perform the assessment and analysis of information security risks and monitor compliance with security standards and appropriate policies.

We are looking for a candidate with the following qualifications and skills:
·  Master level or equivalent in IT - specialty in Information Security;
·  At least 6 years of experience with information security concepts and practices, with at least 2 years in Compliance and/or Information Security Risk Management;
·  Experience implementing ISMS frameworks in relation to ISO 27001;
·  Experience with Information Security Risk Management Framework (ISO27005) and Tools;
·  Knowledge of IT Domain (Infrastructure, software development and Data protection);
·  ISO27001 Lead Implementer, ISO27005 Risk manager certification;
·  Project management skills;
·  CISSP, CISM or similar certifications could be an important asset;
·  Fluency in English is required; knowledge of French or German would be an asset.

Interested in learning more about this challenge? We are looking forward to hearing from you!