Roles and Responsibilities
Using a wide variety of technical and sector-specific skills, KPMG’s Risk Consulting group proactively helps clients increase profits whilst reducing reputational, operational, financial and other risks. We are experienced in managing diverse issues including cyber resilience, digital technology risk, privacy, designing and implementing risk frameworks and modelling, implementing cyber risk controls corporate governance, cyber due diligence, deriving value from contracts and much more.
We have a fast-growing team and our engagements often take place in an international context which requires us to provide services across the globe, often in close cooperation with other KPMG offices.
This role sits within our Cyber consulting team. Our Cyber team delivers a broad range of services across Financial Services, Corporates and the mid-market. These include: assessments, audits and certifications; cyber risk quantification and strategic risk management; cyber transformation (e.g. IDAM programmes, SoC implementation, cloud migration); penetration testing; and incident response.
This role is focused on our Cyber in M&A offering, which is one of the fastest growing parts of our Cyber practice. The team focuses on delivering solutions across the deal lifecycle into both large Corporates and Private Equity houses.
Working as part of a small dedicated team focused on this market, this role will involve:
• Delivering “buy-side” Cyber Due Diligence (DD). Sometimes alongside our financial and technology DD teams and sometimes where we are the only KPMG team delivering to others. Rapidly assessing the capability of an organisation through interviews, document reviews and outputs from external testing.
• Post deal / pre-sale – either integrating organisations in to a large corporate, determining what to keep and what to replace, or working with a PE House across the portfolio to assess areas of remediation. This may involve recommending threat and vulnerability management solutions, performing deeper dive benchmark reviews or putting in place the ability to respond to a cyber-attack.
• Delivering Sell-side support. This could be through formal Vendor Due Diligence (VDD), or in a ‘vendor assist’ capacity. Either supporting an organisation prepare for the process of sale to ensure cyber does not have a value impact. Or conducting detailed review work to provide an accurate representation of the organisations current cyber state and its understanding of cyber risk exposure.
The individual will have a broad base of skills across Information Security disciplines, the ability to form a view quickly, based on limited information, and a desire to work across multiple industry sectors. The role is perfect for someone looking to work with a variety of organisations, able to interact at the most senior levels in organisations and able to deliver fast-paced opinion.
Other key responsibilities of the role will include
• Further developing the offering to the market incorporating technology wherever possible.
• Building relationships in Corporates and with PE Houses with the aim to deliver multiple pieces of work in to the same clients over a number of years.
• Career development of more junior team members, supporting them to build their IT-technical capability as well as their commercial / consulting skills.
• Ability to identify and assess complex cyber threats and risks as part of due diligence assessments, to relate them to the wider business environment and to express opinions clearly to all levels of management.
• Contributing to innovation and practice management, e.g. new services, training, knowledge management for the Cyber Due Diligence capability
• Scoping, financial management, managing delivery risk, production and review of deliverables.
• Managing sales activities such as responding to RFPs, bid management, proposal writing and client presentations.
• Developing internal networks and maintaining excellent relationships with colleagues across KPMG, but in particular within the wider Cyber and Regulatory Risk and Transformation Advisory areas.
Qualifications and Skills
• Cyber security qualification e.g. CISSP / CISM (required)
• Degree or Masters qualification in Cyber, Information Security or IT management (desirable)
• Project management qualification e.g. Prince II, MSP or PMI (desirable)
Experience and Background
A combination of the following:
• An understanding of the deal lifecycle and familiarity with key terminology used.
• Ideally, experience of successfully performing buy-side or sell-side services in technology or cyber.
• Ability to work effectively both remotely and in person across a nationally (and sometimes globally) distributed team, with colleagues across multiple different functions.
• Capability to succinctly articulate the value impact of cyber in the context of a transaction and effectively quantify the risk of issues identified.
• Advising clients on cyber risks and regulations.
• Conducting assessments against industry recognised cyber frameworks.
• A working understanding of the cyber kill chain and typical attack paths.
• Knowledge and experience of cyber, business and technology resilience.
• Familiarity with regulatory compliance models and standards
• Great relationship/stakeholder management skills at all levels.
• Capability to successfully manage a team to deliver a high-quality output within challenging deadlines.
• Proven communication and presentation skills.
• 6+ years of work experience.
• “Big 4” professional services or dynamic IT consultancy environment experience
To apply for this job please visit www.cybersecurityjobsite.com.