Security Production Assurance & Compliance Lead

London



Grade B

EWT

Role overview

The Security Production Assurance and Compliance Lead is a pivotal role within the Cyber Security Team. This position entails ensuring robust security control assurance and compliance with relevant regulations and standards. The ideal candidate will have extensive experience in 1st Line of Defence (1LoD) information security, a deep understanding of production environments, and a keen eye for regulatory compliance.

Key Responsibilities

  • Security Operations Support: Provide 1LoD support to ensure the protection of information assets across the digital ecosystem.
  • Budget and Service Optimisation: Support embedding new initiatives and maturing current investments made through transformation programmes.
  • Product Assurance: Track security hygiene remediation on an enduring basis.
  • Compliance Assurance: Ensure adherence to industry standards, regulatory requirements, and internal policies related to information security.
  • Risk Management: Conduct regular risk assessments and develop strategies to mitigate identified risks.
  • Policy Development: Enforce information security policies, procedures, and guidelines.
  • Audit Coordination: Coordinate internal and external audits related to 1LoD.
  • Collaboration: Work closely with other departments to integrate security measures into production processes and systems.
  • Continuous Improvements: Advise on and oversee operational improvements to reach 100% compliance, making a significant difference to the security posture of KPMG.
  • Programme Sponsorship: Create and sponsor programmes to enhance the operational effectiveness of security compliance; act as key stakeholder and consultant on these programmes.


Qualifications

  • Bachelor’s degree, or equivalent qualification/experience, in Information Security, Computer Science, or a related field.
  • Significant experience in information security and compliance.
  • Certifications such as CISSP, CISA, or CISM are highly desirable.
  • Detailed working experience of Cyber Essentials and Cyber Essentials Plus.
  • Extensive knowledge of the infrastructure of a large organisation, including data centre, endpoint and cloud technologies and their assets.
  • Proven experience of working with large programmes and dependent outcomes, with security compliance being the beneficiary.
  • Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, Cyber Essentials Plus, NIST).
  • Excellent communication and leadership skills.

Key Competencies

  • Analytical Thinking: Strong ability to analyse complex security issues and develop effective solutions.
  • Attention to Detail: Keen eye for detail in identifying potential security risks and compliance issues.
  • Leadership: Demonstrated ability to lead and motivate a team of security professionals.
  • Stakeholder Management: Strong ability to manage an extensive range of stakeholders, including C-Suite, Partners and Directors across each business capability.
  • Collaboration: Effective collaboration skills to work seamlessly with other departments and stakeholders.

