Head of Operational Security

Job Title: Head of Operational Security

Grade: Director (Grade A)

Location: All

Department: Security, EWT Function

Reports into: Head of Cyber Security

About Us

KPMG is part of a global network of firms that offers Audit, Tax & Pensions, Advisory and Technology services. Through the talent of over 16,000 colleagues, we bring our creativity and insight to our clients’ most critical challenges.

With offices across the UK, we work with everyone from small start-ups and individuals to major multinationals, in virtually every industry imaginable. Our work is often complex, yet our vision is simple: to be the clear choice for our clients, for our people, and for the communities we work in.

Overview

The Head of Operational Security is a key role within the Cyber Security team at KPMG UK. The Cyber Security team run and manage all first line security functions and manage first line risks for the UK firm’s digital assets, ensuring the security and integrity of its information.

This role requires a strategic thinker, a skilled leader, and a dedicated cyber security professional who can navigate the evolving landscape of cyber threats. They will be responsible for ensuring we have the ability to prevent, detect, respond to and recover from cyber security threats to the UK firm on 24x7 basis.

There are a number of teams within the Operation Security space including; Threat Detection, Threat Intelligence, Incident Response, Investigations and Identity and Access Management. The team is comprised of approximately 30 colleagues in addition to using a third-party SOC service.

This represents an exciting opportunity to join a growing function and help to shape the future of Cyber Security at KPMG. With the recent merger of the UK and Swiss firms, there are many opportunities for alignment and this role will be key to identifying opportunities to work together. There are also a number of in-flight investments which will allow us to continue to evolve in our operational security capabilities.

Reporting and Accountability

This role reports directly to the Head of Cyber Security. It will have regular interactions with counterparts in Switzerland (following the recent merger), other members of the leadership team including stakeholders from across the IT leadership team, colleagues in second line of defence and CTO’s.

The role will need to collaborate with colleagues from other member firms and KPMG entities around the world and manage key vendor relationships including our third-party SOC provider.

The role holder will represent Cyber Security on various governing boards to provide updates on the firm's cyber security posture and initiatives.

Key Responsibilities

• Lead the core operational security services including Security Monitoring, Incident Response and Investigations, Cyber Threat Intelligence, Identity and Access Management and Security control hygiene. 
• Lead a team of Information Security Professionals (split between UK and India), providing direction, mentorship, and support to ensure high performance and professional growth.
• Champion the services delivered by the Operational Security Team across the UK firm, ensuring that application, data and system owners understand the benefits of and their obligations to ensure that the Operational Security team is able to protect all workloads in use by the firm.
• Ensure that appropriate security controls and measures are in place to safeguard sensitive information and core infrastructure.
• Be the primary UK technical security operations representative for global initiatives to ensure that the UK is appropriately engaged and contributes.
• Ensure effective management of all Service Providers delivering essential security services to the firm.
• Report key performance indicators (KPIs) and Key Risk Indicators (KRIs) for Operational Security Services
• Stay informed about the latest cyber security trends, threats, and technologies to continuously enhance the firm's security posture.
• Establish and maintain an incident response plan to quickly and effectively address cyber security incidents.
• Lead the investigation and resolution of security incidents, working with internal and external stakeholders as needed.
• Ensure compliance with relevant cyber security regulations, standards, and best practices, including Cyber Essentials Plus and ISO 27001
• Monitor and report on the Firm’s compliance status, addressing any gaps or deficiencies as needed.

Experience

• Bachelor's degree in Cyber Security, Information Technology, Computer Science, or a equivalent professional experience.
• Relevant certifications such as CISSP, CISM, or CEH are highly desirable.
• Thorough understanding of the core security technologies in use in the UK firm and wider global network, specifically the Microsoft security stack.
• Relevant experience within cyber security and in a leadership or management role.
• Proven track record of building and operating Security Operations Centres and other security managed services.
• Experience of integrating on premise and cloud workloads into security monitoring platforms including SIEM, EDR, CASB, vulnerability monitoring, CTI and Identity tools.
• Proven track record of contributing to and implementing successful cyber security strategies.
• Experience in managing and responding to complex security incidents and data breaches.
• Strong knowledge of cyber security regulations, standards, and best practices.
• Experience working in a highly regulated industry such as finance, healthcare, or energy is a plus.
• Excellent leadership and management skills, with the ability to inspire and motivate a team.
• Strong analytical and problem-solving skills, with the ability to assess and mitigate risks effectively.
• Exceptional communication and interpersonal skills, with the ability to work collaboratively with diverse stakeholders.
• High level of integrity and professionalism, with a commitment to ethical conduct and confidentiality.
• Ability to stay calm and focused under pressure, especially during security incidents and emergencies.
• Be capable of achieving UK government security clearance.

#LI-BC1