KPMG
,
London, Greater London
Information Security Policy and Compliance Consultant
Overview
The role holder will sit in the Information Assurance Governance, Risk & Compliance team and will assist in the delivery of a set of Information Security Policies and Standards and supporting artefacts. The role will involve the development and maintenance of these policies and standards, as well as engaging with a variety stakeholders across the KPMG business. KEY RESPONSIBILITIES Carry out detailed mapping exercises to ensure compliance with information security standards, regulation and legislation etc. Manage and support workshops with policy area stakeholders and subject matter experts (SMEs) and review and assess the outputs in order to develop and maintain the policy. Create and maintain supporting artefacts (including guidelines) Awareness and collaboration Establish strong relationships with relevant stakeholders and SMEs (across Information Assurance and IT Service providers). Work with the Culture and Awareness team to ensure their programmes reflects changes to the policy content and framework. Technical knowledge and qualifications 5 years' experience of information security in a governance, risk & compliance capacity preferred. Previous experience of creating, maintaining and communicating Information Security policies and standards. Strong knowledge of information security standards (e.g. Cyber Essentials, ISO 27001, ISF Standard of Good Practice for Information Security, NIST Cybersecurity Framework, CIS Top 20 Controls). Security certifications preferred. (CISSP, CISA or equivalent).