Head of Information Assurance (Director)

United Kingdom
Competitive salary
12 Apr 2021
23 Apr 2021
Title: Head of Information Assurance
Grade: A - Director
Role Type: Full time, Permanent
Location: Any UK Office considered

Role and Responsibilities

This Director-level role sits within KPMG's Information Security organisation and leads second line-of-defence activities of Information Risk and Information Assurance/Audit.

The role reports to the Chief Information Security Officer (CISO), who reports to KPMG UK's Chief Risk Officer and has a functional reporting line to KPMG's Chief Digital Officer.

The role is also one of the sponsors for the Information Security Transformation Program (a major in-flight 3-year information security transformation), as well as a key stakeholder for other information-related transformation projects.

Overview of responsibilities
- Member and key driver of the Information Governance Oversight Committee, which reports into the Risk Executive of KPMG UK
- Accountable for maintaining KPMG UK's external certifications (currently ISO27001 and Cyber Essentials/Cyber Essentials Plus)
- Accountable for the performance of audits carried out by KPMG clients on KPMG, in relation to Information Security and Business Continuity.
- Accountable for the running of a 3-year rolling programme of information assurance exercises relating to KPMG UK internal teams and major/high-impact suppliers
- Accountable for oversight of remediation activities in relation to Information Security control gaps or ineffectiveness.
- Accountable for the assessment of information risk and suggested security improvements in relation to new technologies; major changes to components of the current technology estate; new suppliers; and other projects that involve KPMG/client/supplier information.
- Accountable for information risk management for KPMG UK, including oversight of processes and tools covering governance, identification, collation, assessment, recording, reviewing, reporting and analyzing information risks. Also ensuring that identified risks are used to drive both business change projects to improve security, and to drive the information assurance cycle.
- Accountable for the elements that feed the information risk management processes, such as the information security controls matrix, the information risk and findings registers, the information security policies and related standards, and the reporting and governance around information security exceptions management.
- Accountable for developing the "Security Liaison" function, which is a growing function providing security support to all areas of KPMG UK's business
- Accountable for integration of information security input into various risk bodies across KPMG UK
- Accountable for the Records Retention schedule; and responsible for Information Security's input into KPMG's information governance & management activities (the Chief Data Officer is accountable)
- Responsible for playing an active part in the Information Security Transformation Program, as joint sponsor, and for driving the integration of its solutions into BAU operation
- Responsible for assigning appropriate information security professionals to the other major change programmes running in KPMG, as well as becoming involved in the governance for some of those programmes on behalf of Information Security.
- Responsible for Information Security's involvement in ISQM1 and any future regulatory changes required by regulators.
- Responsible for maintaining day-to-day working between the Information Security teams and the Data Privacy team, including the Data Privacy Officer, and for merging processes where appropriate
- Responsible for a team of c40 Risk and Assurance professionals making up the Information Assurance team, including future offshore resources
- Responsible for the budget and resourcing plan for the Information Assurance team
- Responsible for the Performance Management of the senior members of the Information Assurance team
- Responsible for maintaining strong relationships with key stakeholders across the firm to help unblock issues, facilitate discussion, drive initiatives, obtain feedback and maintain services that continue to be useful to our internal customers
- Co-responsible with the Information Security Transformation Program manager of the successful onboarding of new relevant services into the Information Assurance department.
- As an Information Security Management team member, take an active part in the development of the strategic and tactical plans for Information Security overall, and any other initiatives run by the CISO outside of daily operational activities.
Experience and Background

- Significant, demonstrable team leadership experience at a senior level, including experience of several (at least 3) of the following areas: Information Security, Risk Management (preferably Information Risk Management), Audit & Assurance, Data Protection, Technology Management / Technology Project Management, Quality Assurance. Knowledge of legal contracts is a plus.
- Proven experience in delivering successfully in a complex, matrixed environment
- Significant demonstrable experience working in an Information Security role.
- Significant demonstrable experience working in or closely with IT environments, or at least a thorough knowledge of IT and Information Security controls.
- Practical experience in implementing or complying with various information security or information management-related compliance frameworks (ISO 2700x, GDPR, Cyber Essentials etc)
- Experienced in a wide base of technology and toolsets.
- Good working knowledge of information security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls).
- CISM or CISSP certification (or equivalent) highly desirable
- Significant experience in developing and managing IT services. ITIL Certification recommended
- Understanding of the difference between Risk Management and Compliance, with a risk-focus
- Ability to determine good practice and identify opportunities for improvement.
- Working knowledge of budgeting, resourcing, recruitment and HR
- Working knowledge of planning, monitoring, data analysis, reporting.
- Good experience of people management, performance management, people development, staff empowerment and staff motivation

- Ability to develop and leverage strong relationships with internal and external stakeholders.
- Proven ability to engage and communicate effectively with all types of audiences, including top management, auditors and regulators, clients
- Strong focus on customers' needs and in delivering excellent customer experience
- Excellent track record in building highly-effective teams
- Self-motivated, working independently, managing own workload.
- Ability to listen, deal with ambiguity, problem solve, and make challenging decisions.
- Strong integrity, with the ability to remain impartial and escalate where required.
- Good organisational skills with attention to detail, as well as good perspective and an ability to see the big picture.
- Experience in working in a Big 4 organisation is desirable

