Deputy Chief Information Security Officer (CISO)
Melbourne, Australia
Job Description
Our Connected Technology Group (CTG) defines and drives the digital, data and technology strategy for KPMG. We have an important advocacy role for technology in the market and across KPMG, working with our technology leaders to build our market presence. We cultivate collaboration and integrate tech execution across our business, driving a firmwide approach to how we go to market, build the capability of our people and attract new talent.
The Deputy CISO role is a technical role that oversees the day-to-day technical implementation of security controls and requirements across the KPMG Australia, Fiji and Papua New Guinea information technology environments. They have two other technical leadership roles, which include the National Information Technology Security Officer and IT Security Advisor roles. They work under the CISO and Chief Digital Officer, and closely with the CIO, CTO and Enterprise Architecture Team, to ensure comprehensive first line cyber security operations, approval of security requirements from KPMG Global and PSPF compliance for Australian Defence security. They will maintain documentation of KPMG Global and PSPF compliance and ensure that requirements are established and maintained, and that comprehensive work plans and reporting frameworks are also in place. The Deputy CISO will monitor the first line of cyber security compliance and the security posture of the organisation, including providing proactive proposals, appropriately balanced against available resources, for a resilient, data-centred approach to threat reduction uplift. They will have a comprehensive background in all Security Frameworks, including PSPF, NIST, ISO 27001, APRA, and Critical Infrastructure.
Key Responsibilities:
- Ensure a risk-based decision-making process for technical security controls and an integrated approach to cyber security.
- Assist in the development of Cyber Security Maturity, Uplift and Cyber Security Strategy.
- Oversee the Technical Implementation of Security Controls and Cyber Security Maturity and Uplift requirements for KPMG Global, PSPF and other Client Frameworks.
- Work with Security Compliance to ensure that the appropriate KPMG Australia policy framework is in place, consistent with regulatory requirements (PSPF) and IT Security Standard (ISM).
- Provide advice on ICT security matters to the CISO, CSO and the wider KPMG Teams.
- Work with, and provide strategic-level advice to, Enterprise Architecture to maintain KPMG Australia’s Security Blueprint and broader security technology maturity requirements.
- Provide technical oversight of projects and security policy exemptions, and provide oversight to the firm in the capacity of the NITSO.
- Document and analyse risks using the Information Security Manual (ISM) control framework and provide certification documentation (Systems Security Plan and Incident Response Plan) for accreditation by the Chief Information Security Officer (CISO).
- Assist in developing internal frameworks for cyber security risk and first line approvals in conjunction with the second line risk team.
How are you extraordinary?
- You are a kind and compassionate leader with a passion for continually growing your leadership skills to get the best out of a diverse and multidisciplinary team.
- You are excited to be a part of the future of Information Security, with a strong understanding of security technologies, information management, and business process-based solutions, and their real-world application.
- You are a relationship builder, with keen communication skills and the knack for building and managing relationships with diverse internal and external stakeholders.
Qualifications
Mandatory
- Australian citizen; security clearance level required: NV2 (or ability to obtain and maintain).
- VET or Tertiary qualifications in information management, computer science, information systems, Cyber Security or equivalent experience.
- Certified Expert in Cyber Investigations or similar.
- Demonstrated capacity to provide timely, compelling and concise advice to inform executive members and senior management to support decision making.
Preferred
- Information Security Registered Assessors Program (IRAP).
- SANS specific security training.
- Demonstrated experience leading a team to achieve high performance and meet organisational and business goals.
- Demonstrated experience in risk management, policy and strategy development.
- Demonstrated experience in a government context.
- Experience with Azure, AWS and Google Cloud environments.
Additional Information
KPMG is a professional services firm with global outreach and deep sector experience. We work with clients across an array of industries to solve complex challenges, steer change and enable growth.
Our people are what make KPMG the thriving workplace that it is and what sets us apart is that we know great minds think differently. Collaborate with a team of passionate, highly skilled professionals who’ve got your back. You’ll build relationships with unique and diverse colleagues who will provide you with the support you need to be your best and produce meaningful and impactful work in an inclusive, equitable culture.
At KPMG, you’ll take control over how you work. We’re embracing a new way of working in many ways, from offering flexible hours and locations to generous paid parental leave and career breaks. Our people enjoy a variety of exciting perks, including retail discounts, health and wellbeing initiatives, learning and growth opportunities, salary packaging options and more.
Diverse candidates have diverse needs. During your recruitment journey, information will be provided about adjustment requests. If you require additional support before submitting your application, please contact the Talent Support Team.
At KPMG every career is different, and we look forward to seeing how you grow with us.
Tags: AWS Azure CISO Clearance Cloud Compliance Computer Science GCP Incident response ISO 27001 NIST Risk management SANS Security Clearance Security strategy Strategy
Perks/benefits: Career development Flex hours Parental leave