Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.
KPMG is currently seeking an Associate, Director, IT Security Compliance to join our KPMG Technology organization.
Interface with and act as key point of contact with internal stakeholders to ensure that IT services are performed in line with applicable compliance obligations, including leading internal trainings as deemed necessary; oversee internal assertion processes that support the annual SOC 1/SOC 2 engagements
Collaborate and manage relationship with external regulatory bodies and auditors while providing periodic reports and presentations to internal and external stakeholders on compliance activities and issues.
Communicate and support resolution of potential compliance issues outlining appropriate risk assessment and mitigation strategy
Ensure management and Subject Matter Experts (SMEs) have a complete understanding of the process, circumstances, and risk involved with control objectives for their area
Lead discussions about design and operational effectiveness of controls with SMEs while identifying latent organizational weaknesses and human performance error traps embedded in existing processes
Stay abreast of other departments in the firm with risk, control, and governance responsibilities while ensuring to successfully perform tactical collaboration and information sharing
Minimum of eight years of experience in business process controls and IT risk management, internal audit, IT security, or other IT compliance related work, preferably in a client serving environment with the ability to maintain an understanding of the current AICPA standards applicable to SOC 1/SOC 2 engagements
Bachelor's degree from an accredited college/university; Master's degree is preferred
Strong understanding of relevant regulations and industry standards (e.g., COSO, PCI, HIPAA, HITRUST) as well as best practices and methodologies to address requirements; must have the ability to apply the requirements to organizational internal control frameworks
Experience with Archer Policy/Compliance Management tool and SOC1/SOC2 engagements
Ability to manage multiple priorities successfully within a deadline driven environment while demonstrating effective facilitation skills to guide decision-making or consensus
Preferred Certifications: Professional certifications including but not limited to; Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professionals (CISSP); Certified Information Security Manager (CISM) and/or Certified Information Privacy Professional (CIPP), Certified Information Technology Professional (CITP); US Citizenship is required
KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, creed, religion, age, sex/gender, national origin, ancestry, citizenship status, marital status, sexual orientation, gender identity or expression, disability, physical or mental handicap unrelated to ability, pregnancy, veteran status, unfavorable discharge from military service, genetic information, personal appearance, family responsibility, matriculation or political affiliation, or other legally protected status. KPMG maintains a drug-free workplace. KPMG will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable local, state or federal law (including San Francisco Ordinance number 131192). No phone calls or agencies please.