Director, Cybersecurity Integration and Transformation

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Seramount, Fair360 and others. If you're as passionate about your future as we are, join our team.

KPMG is currently seeking a Director, Cyber Assessment to join our Enterprise Security organization.

• Apply a comprehensive specialist-level knowledge of risk, compliance, and information security to identify and lead strategic change initiatives and tactical improvements to digital security programs, including IT security assessments and compliance reviews, software security, adversarial testing, cyber operations and third-party risk reviews
• Support National Information Technology Security Officer (NITSO) operations by developing and coordinating IT security standards, policies, and adjudicating control exceptions; integrate and harmonize US security programs with partners across KPMG's US, Regional, and Global programs
• Identify opportunities and implement strategies that continuously evolve the security assessments process ensuring reviews are conducted thoroughly, consistently, and expeditiously; serve as a subject matter expert providing technical leadership and guidance to assessment teams. Identify opportunities to leverage automation and artificial intelligence to add confidence and speed to operations
• Collaborate across the firm to proactively identify strategic risks to digital security operations and develop remediation options; develop and administer budget proposals for risk reduction activities and projects; track risk reduction activities across the first line, ensuring priority issues are remediated to plan; create risk reports and KPIs that detail security performance within the organization; represent digital security programs to internal and external risk and audit functions
• Direct or be a primary contributor on multiple key cybersecurity projects, programs and initiatives that require advanced knowledge; make independent decisions related to required tasks and use judgment to regularly make decisions on high risk and complex matters; drive continuous process improvement activities by identifying problems and offering solutions
• Provide active coaching, mentoring, and knowledge-sharing with junior staff to advance their career development and create an environment of innovation and challenging the status quo; manage and review those team members' work product; contribute to planning for short term needs, i.e., projects and processes; and may construct annual plan for deployment of those resources; may have people management responsibility for a mid-sized to small team of entry level through intermediate level professionals
• Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment

• Minimum ten years of recent, progressive experience in information security, to include managing other information security professionals; demonstrated experience managing complex cyber assessment organizations; experience managing multimillion dollar security budgets and cross-functional teams
• Bachelor's degree from an accredited college or university is preferred; High School diploma or GED required; Industry-relevant cybersecurity certifications (e.g., CISSP, CISM, CISA) highly desired
• Experience serving as a CIO/CISO delegate for enterprise change initiatives focused on cybersecurity, audit and technology transformation; prior experience providing executive level communication and decisional support for CISO, CTO and CIO level projects required
• Working experience coordinating with Information System Security Managers (ISSMs) or Business Information Security Officers (BISOs) to manage and prioritize portfolio risks
• Demonstrated experience leading business transformation for security and risk assessment processes; experience leading security assessment programs supporting highly regulated and Federal data sets required; working knowledge applying automation to streamline NIST 800-53 and 1253 Security Assessments in support of Assessment & Authorization (A&A) and Approval to Operate (ATO) decisions preferred
• Demonstrated experience transforming security operations through automation and process engineering; experience assessing and authorizing emerging cloud technologies preferred
• Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)