Deputy Security Controller

Manchester


The role of Deputy Security Controller is a mandatory regulatory role. The role holder will be a key manager in the delivery of facility security assurance and continued compliance. They will take the lead on ensuring KPMG UK manages its obligation to the Accreditor. They will liaise and consult closely with the Security Controller Function, including where necessary with vetting processes. They will hold close relationships with the Business, HR including Welfare activity, incident investigation and disciplinary processes. They will liaise with key accreditors and regulating entities as necessary to assure that rigorous oversight and compliance are maintained throughout all activities. Being an FSC and IPSA accredited contractor allows KPMG to sponsor staff for security clearances, which is crucial in winning and delivering work across Government and Industry. This allows KPMG to sufficiently resource and work with sensitive protectively marked material.

 

 

KEY STAKEHOLDERS

  • FSC - Board Level Contact
  • Security Assurance Oversight Committee
  • National Security – Security Oversight Group
  • Clients and the Business
  • All cleared staff
  • Sponsoring Authorities

KEY RESPONSIBILITIES

 

Compliance

  • Oversight of the facility and personnel Security Assurance Function as an integral element of KPMG's FSC assurance and compliance plan, and delivery of this across the firm in support of all HMG activity
  • Deputise in management of the relationship with Defence Equipment and Support (DE&S) Principal Security Advisor (PSyA) and maintenance of the KPMG FSC and IPSA certification [DE&S & CPNI ExtraNet access needed]
  • Maintain and enhance the delivery of engagements across all Defence and Government clients and conduct oversight over this activity
  • Support the firm’s mission to build client trust and confidence regarding information and personnel security
  • Stay abreast of industry best practice in relation to information security governance, risk & compliance  [Membership of DISA needed]
  • Agreeing Security Aspects Letters for all engagements involving material classified higher than Official
  • Act as Committee Secretary to the Security Assurance Oversight Committee

 

Policy

  • Manage the development, maintenance and communication of the UK firm’s FSC information security policies
  • Assist with preparing and implementing the Company Security Instructions (as defined within HMG’s Security Requirements for FSC Contractors)
  • Promote good information security practice and standards across the firm

 

Risk Management

  • Support proactive and timely identification, evaluation and recording of non-compliance and information security risks
  • Foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, escalating issues in line with the Information Risk & Control Framework
  • Prepare and distribute Management Information in support of Oversight Activity for the Security Assurance Group and Board Level Contact

 

Awareness and collaboration

  • Establish strong relationships with business and functional teams
  • Arrange relevant and appropriate security education and awareness training
  • Establish strong relationships with DE&S and other relevant stakeholders
  • Build on and preserve the firm’s reputation with clients, and the firm's mission to become the ‘Most Trusted’

 

KNOWLEDGE, EXPERIENCE AND SKILLS

 

Technical Knowledge and qualifications

  • A minimum of 5 years' experience focused on security and assurance, preferably in a high grade Defence or Government arena
  • Practical expertise in advising on high grade security assurance policy and standards
  • Strong knowledge of HMG security standards (e.g. Cabinet Office Security Policy Framework, JSP 440, Industry Security Notices and CESG IA standards)
  • Strong understanding of privacy requirements (including GDPR)
  • Ability to attain and maintain a very high level of National Security Vetting (NSV DV as minimum without restrictions) Note: The successful candidate will be a sole UK National born in the UK
  • Where necessary, undertake additional responsibilities as required and defined by clients in order to support client-facing staff in delivering the client's contractual obligations.
  • Be on call and be able to attend the facility when required, within time limitations.

 

Leadership skills

  • Experience of leading and inspiring others, providing guidance, mentoring and planning
  • Display and foster the highest levels of trust and integrity
  • Ability to deal with a broad range of stakeholders at all levels, both internal and external, in a confident and assured manner
  • Ability to prioritize and manage a complex workload, including multiple tasks for themselves and direct reports
  • Strong influencing skills

 

Analytical skills

  • Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions and recommendations
  • Ability to understand business drivers and risk appetite and to align information security compliance accordingly
  • Strong analytical and problem-solving skills

 

Personal Qualities

  • A good team player, with the ability to act independently and exercise sound judgment
  • Excellent communication skills, both written and verbal
  • Multi-cultural awareness and sensitivity
  • Strong integrity, independence and resilience
  • Excellent attention to detail combined with strategic vision


Tags: Compliance DISA GDPR Governance Privacy Risk management

Region: Europe
Country: United Kingdom
