Supply Chain Risk Management - AM - BLR/GGN/ Pune
Job Description
Our Client in India is one of the leading providers of risk, financial services and business advisory, internal audit, corporate governance, and tax and regulatory services.
Our Client was established in India in September 1993, and has rapidly built a significant competitive presence in the country. The firm operates from its offices in Mumbai, Pune, Delhi, Kolkata, Chennai, Bangalore, Hyderabad , Kochi, Chandigarh and Ahmedabad, and offers its clients a full range of services, including financial and business advisory, tax and regulatory.
Our client has their client base of over 2700 companies. Their global approach to service delivery helps provide value-added services to clients. The firm serves leading information technology companies and has a strong presence in the financial services sector in India while serving a number of market leaders in other industry segments.
Key Responsibilities:
Act as a trusted advisor to stakeholders, supporting the provision of accurate, appropriate, timely assurance information regarding the KPMG supply chain across capabilities and firmwide.Support the identification of emerging trends and issues with the KPMG supply chain to shape and inform the KPMG risk posture.
Tactically deliver allocated activity from the annual service roadmap to defined standards and service levels.
Support the delivery of the annualised audit schedule, with a strong understanding of a risk based approach.
Be proactive in identification of continuous improvements to foster positive change within the Information Assurance team, seeking innovative solutions to enhance practices.
Deliver the 2nd LoD Supply Chain audit activity to monitor supply chain compliance against regulatory, client, global and local policy & standard requirements, including ISO27001.
Support the ongoing need to ensure that all supplier contracts include standardised Information Security and Data Privacy statements.
Provide support to report on Supply Chain Assurance metrics, providing insights into compliance and risk, highlighting areas for improvement.
Log all findings in the GRC tooling, track, review and monitor remediation results and associated evidence, supporting sign off where appropriate.
Work with finding owners to ensure remediation actions plans are defined and delivered in a timely manner.
Support the analysis and thematic reviews and consolidation of findings and to recommend risk treatment plans to reduce risk for the firm.
Ensure audit work is documented in accordance with business standard and fully supports conclusions and overall opinion through 1st / 2nd level reviews
Ensure that all work is delivered to a high standardConduct other Information Security & Privacy audit activity on behalf of KPMG (i.e. SOC2) where appropriate.
Skills and experience required:
Strong stakeholder management skills, the ability to collaborate and develop relationships internally and externallyExperience advising on supply chain matters, with appropriate background in developing and implementing supply chain risk and assurance frameworks
Excellent ability to conduct audits in an effective and efficient manner y
Working knowledge of ISO27001, Cyber Essentials/ Cyber Essentials Plus, NIST Cybersecurity Framework, CIS, SOC2, Data Protection (UK GDPR, DPA, PECR) and experience of operational implementation
An understanding of ancillary frameworks (EU AI Act, UK AI Frameworks)
Experience of developing processes to deliver service improvements
Excellent analytical and reporting skills, using presentation tools to present complex information with exceptional attention to detail
Excellent communication skills, both written and verbal
Well organised and able to maintain a high workload efficiently at a consistently high standard
Strong knowledge of information security controls
Experience of working with GRC tools (ServiceNow) and supplier management tools (Coupa, Bitsight).
Understanding of a 3 lines of defence model (risk & assurance)Be highly motivated and able to work on own initiative, ability to seek support when required.
Additional Requirements: Significant experience in information security and supply chain risk and assurance.
Certifications in information security, such as CISM, CISMP, CISSP.Auditor qualifications, CISA, ISO27001 Lead Auditor, GIAC or equivalent.
ITIL foundation certificate or above desirable