Job Description

We are seeking an IT Security Officer

The Information Security Officer’s role is to align security initiatives with KPMG programs and business objectives, ensure that information assets and technologies are adequately protected. He/she collaborates with internal IT Teams, as applicable and acts as the delegate of the NITSO (National IT Security Officer) for KPMG Services. The ISO plays a critical role in protecting data integrity, ensuring compliance with regulatory standards, and mitigating potential security threats. This position demands a unique combination of technical expertise, strategic thinking, and meticulous attention to detail.

What you will be working on

• Manage and continuously improve the Information Security Management System (ISMS).
• Develop, implement, and maintain information security policies, standards, procedures, and controls to protect company and client information.
• Conduct security risk assessments, vulnerability analyses, and oversee security requirements across change management, supplier relationships, and asset management processes.
• Monitor security events, manage information security incidents and investigations, and address policy non-conformities and exceptions.
• Ensure compliance with applicable information security regulations, standards, and internal requirements, working closely with Risk Management and relevant stakeholders.
• Lead and coordinate IT security projects, certifications, and audits (e.g., ISO, PSDC).
• Produce security reports, KPIs, metrics, vendor risk assessments, and other management reporting to measure and demonstrate ISMS effectiveness.
• Advise internal teams, management, clients, and authorities on information security matters and regulatory requirements.
• Promote security awareness through training, campaigns, onboarding sessions, and employee education initiatives.
• Collaborate with IT and business departments to integrate security controls into operational processes and projects.
• Monitor emerging cybersecurity threats, industry best practices, and regulatory developments, proposing improvements to strengthen the organization's security posture.

What we look for

• Bachelor's or Master's degree in IT, Information Security, or a related field.

• 4–6 years of experience in information security, cybersecurity, or a similar role.

• Strong knowledge of information security frameworks, cybersecurity, risk management, and data protection.

• Broad understanding of IT infrastructure, software development, and security operations.

• Experience with security policies, incident response, compliance, and regulatory requirements.

• CISSP, CISM, or similar certification is an advantage.

• Strong analytical, organizational, communication, and stakeholder management skills.

• Ability to manage multiple projects and priorities in a dynamic environment.

• Fluent in English; French and additional languages are an asset.