KPMG Luxembourg is looking for forward-thinking and passionate people to make a difference to our Clients, People and Communities.
We are looking for an Information Security GRC Engineer to join our IT Security team. In this role, you will manage the Information Security Risk and Compliance program, work with cross-functional teams and interface with third parties to support compliance and risk management activities.
Upon joining the team you will be in charge of the following responsibilities:
Compliance and Risk Management Leadership
Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk;
Coordinate the treatment of non-conformities with, and exceptions to, the Information Security Policy and the applicable standards and regulations (ISO 27001, GDPR);
Address technical policy, compliance and regulatory issues;
Perform efficient security reviews of contracts;
Contribute to the security-related sections of the Firm's RFP submissions;
Stay abreast of regulatory and standards changes affecting KPMG's business and information security (in particular the ISO 27000 series and GDPR);
Governance and Project Leadership
Develop a risk decision framework to help identify critical areas;
Work with the Information Security Officer, NITSO and QRMP to build cohesive security and compliance programs;
Establish Risk Management Framework processes and tools;
Coordinate and perform the assessment and analysis of information security risks, and monitor compliance with security standards and the appropriate policies.
We are looking for a candidate with the following qualifications and skills:
Master's degree or equivalent in IT, with a specialisation in Information Security;
At least 6 years of experience with information security concepts and practices, including at least 2 years in Compliance and/or Information Security Risk Management;
Experience implementing ISMS frameworks in line with ISO 27001;
Experience with Information Security Risk Management frameworks (ISO 27005) and tools;
Knowledge of the IT domain (infrastructure, software development and data protection);
ISO 27001 Lead Implementer and ISO 27005 Risk Manager certifications;
Project management skills;
CISSP, CISM or similar certifications would be an important asset;
Fluency in English is required; knowledge of French or German would be an asset.
Interested in learning more about this challenge? We are looking forward to hearing from you!