Information Security Manager - NIST /ISO /COBIT /GDPR /HIPPA / PIC-DSS

Job Description

Role Description

You will be working with clients to understand their cybersecurity needs and provide tailored solutions.

• Education: Bachelors/Master's in Computer Science, Information Security, or related field.
• Experience: 10+ years in IT and Information Security.
• Preferred past consulting experience and mandatory client-facing experience, preferred globally.

• Profound knowledge of cybersecurity frameworks, industry standards (NIST, ISO, COBIT, GDPR, HIPPA, PIC-DSS, CIS, FISMA, NIS2), and best practices.
• Proficiency in network security, cloud security, industrial cybersecurity, cryptography, incident response, vulnerability assessment, SIEM, IAM, and compliance standards are essential.
• Provide oversight and leadership to KPMG team members regarding deliverables, project plans, and performance management.
• Leading business development activities by identifying new clients, building business relationships with key stakeholders, developing proposals, project plan and engagement framework.
• Supervise and provide performance management to the team working on assigned engagements.
• Provide expert advice and consulting to clients, guiding them in implementing robust cybersecurity risk management strategies to protect their enterprise environment and help them grow.
• Mentor and train junior team members to foster their professional growth and skills in GRC.
• Strong analytical and problem-solving skills, with the ability to think critically and strategically.
• Writing professional and thought leadership articles and speaking at related conferences and seminars.
• Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences.
• Review clients existing risk management processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management.
• Strong knowledge on cyber risk assessments of Emerging Technologies, Operational Technologies, Risk Quantification and Enterprise Risk Management.
• Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments.
• Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA, ISA 63443, any two certs are mandatory.