Digital Risk Oversight Expert (m/f/d)
Posting Start Date:  09/06/2026
Job Description

Find your purpose at KPMG Luxembourg

We see a world of opportunity. From uncovering ways to digitalize, to enabling new sectors to take off, to building sustainability and resilience into economies, we know insights reveal new opportunities for all.

We are diverse and dedicated problem solvers, part of the worldwide network of high-quality audit, tax and advisory services.

We offer excellent career prospects that balance autonomy, flexibility, and responsibility. Our comprehensive benefits inspire our people to do and feel their best.

Right now, we have more than 1800 employees from over 70 nationalities. Join our growing group of young and youthful innovators to uncover a world of opportunity together.

Job Description

We are seeking a Digital Risk Oversight Expert.

The Digital Risk Oversight Expert will play a crucial role in ensuring that the organization’s digital security risks are effectively identified, monitored, and managed. This position focuses on oversight and governance, ensuring that solutions, processes, and behaviors align with KPMG policies, standards, and security best practices. The expert will provide independent oversight and advisory support to the first line of defense, contributing to a robust digital risk management framework.

What you will be working on

Independent Reviews

  • Conduct independent reviews of security controls and provide actionable recommendations for improvement.
  • Assess and validate the adequacy of security measures implemented by the first line of defense.

 

Security Processes Implementation

  • Elaborate, implement, and monitor security-related processes to ensure compliance with established standards.
  • Lead investigations on security incidents, containing, mitigating, and reporting the impact effectively. Ensure root cause analysis and lessons learned are addressed effectively.

 

Reporting & Metrics

  • Produce regular reports on the state of information security and key risks for senior management and stakeholders.
  • Track key performance indicators (KPIs) and key risk indicators (KRIs) to evaluate security effectiveness.
  • Identify, evaluate, and report on the criticality of identified vulnerabilities and prioritize remediation based on potential business impact.

 

Training & Development

  • Elaborate and deliver training sessions to all stakeholders to strengthen the security culture within the organization.
  • As an Expert, coach, motivate and review the work done by junior team members.

 

Collaboration & Liaison

  • Work closely with the first line of defense to address security gaps and vulnerabilities.
  • Liaise with third parties, auditors, and regulators on security matters, ensuring compliance with relevant regulations.

What we look for

Technical Skills & Qualifications

  • Bachelor’s or Master’s degree in IT, ideally with a specialty in Information Security.
  • At least 8 years of experience with information security concepts and practices.
  • Knowledge of IT security standards (ITIL, ISO27001, OWASP, etc.).
  • Proficiency in IT security tools (Firewall, EDR, IPS N/H, WAF, SIEM, DLP, Compliance, etc.).
  • Strong knowledge in network security and incident management.
  • Strong cloud security knowledge and IT security certifications (e.g. CCSP, AZ-500) are an advantage.
  • Strong knowledge of development technologies and languages.

Experience & Knowledge

  • Ability to lead security assessments and audits.
  • Strong understanding of cybersecurity threats and vulnerabilities.
  • Experience in vulnerability management and cloud security.
  • Excellent communication and management skills.
  • Ability to work collaboratively in a team-oriented environment.
  • Motivated and organized, capable of taking ownership of projects from A to Z while respecting tight deadlines and being receptive to new ideas.
  • Strong issue resolution skills with a focus on risk controls and client focus.

What you will get

We offer more than jobs. With our flexible work model, you can enjoy work and rest and recharge. Our competitive compensation packages, paid time away from work, recognition bonuses and dedicated programs for personal development and wellbeing help to keep everyone refreshed and motivated.

By submitting your resume and application information, you authorize KPMG to transmit and store your information in the KPMG recruitment database, and to circulate that information as necessary for the purpose of evaluating your qualifications for this or other job vacancies.

KPMG is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. Our recruiting decisions are based on your experience and skills.