Head of Cyber Security

Job description
Job Title:            Head of Cyber Security
Grade:                Associate Partner
Department:     Technology 
Role type: Full time, Permanent
 
 We’re looking for a Senior Cyber Security professional, with significant drive and experience, to join our ambitious Digital function.  We need a real people person; we are a people business and so as well as knowing your subject you need to be a great leader, coach, mentor and advocate. You’ll be joining a diverse team which is a blend of excellent colleagues based onshore and offshore, as well as many 3rd party suppliers.  You’ll need a passion for Cyber Security and a desire to be an enabler: enabling our client-facing business areas (known as Capabilities and Markets Groups) to deliver excellence safely to our clients. This means that we must be, and demonstrate that we are, safe to connect with.
Location: Hybrid role anywhere in the UK, we have an office near you!
Team size: You will lead a team of c.50 KPMG InfoSec professionals in the UK and India.
Reporting Lines: The Head of Cyber Security reports directly to the CIO, with a dotted line to the CISO.
 
Your role is accountable for leading the Information Security (InfoSec) 1st line function for the UK firm.   The scope of this role oversees the operational delivery in BAU, and all projects and programmes related to KPMG’s overall InfoSec Programme which is set by the CISO. This role has a dotted line to the CISO who is in the 2nd Line of Defence and is the overall accountable owner of the InfoSec Strategy and delivery programme in KPMG UK.  Together, the 1st and 2nd Lines operate as one team with shared goals and strategic direction.
 
You will be responsible for ensuring that services and systems are designed, built, and operated securely; leading the development and deployment of standards and reference architectures ensuring Infosec is an enabler within the firm and driving a secure development mindset. This will include further embedding a DevSecOps approach in a “Cloud First” environment.
You will have responsibility for ensuring the appropriate operation of the technical security controls, to assure compliance with KPMG Information Security policies and delivering technology investments related to 1st Line Information Security. The role will ensure that standards, procedures and supporting processes are in alignment with UK Information Security Policy and control frameworks, and support accreditations such as Cyber Essentials (+) and ISO27001.
Your role will be the senior operational point of contact for Technology Leadership for Cyber Security incidents and is responsible for assessing the impact of emerging threats and new technology in relation to the in-place Information Security controls.
You will work closely with the CISO and the Director of Information Assurance to ensure adherence to relevant KPMG Global and UK Information Security policies.  You will also work closely with your peers in other KPMG Member Firms, and with the Global 1st Line of Defence for Information Security.
Key Responsibilities:
You will need to establish a trusting working relationship with key stakeholders within IT Services, and the business, and will:

Be accountable and responsible for leading the Information Security 1st line function for the UK firm

Lead the following teams; Security Operations (including SOC, Threat Intelligence, Incident Response and Investigations, IAM, Vulnerability Management), and Security Advisory and Architecture,

Maintain and communicate threat landscape, utilising various threat intelligence resources.

Maintain detailed catalogue of the inventory within the estate and its vulnerability posture with a regular vulnerability scan.

Work with stakeholders responsible for infrastructure to develop necessary patching and application refresh cycles to maintain security.

Ownership of the Security Tooling Roadmap, in support of the CISO’s InfoSec Strategy.

Implement and operate the appropriate security tools and ensure that the correct firewall, network, and web/cloud, and Data security products are deployed and operated with on-going product and vendor management.

Oversee the team that performs security assessments and penetration testing on the Technology built and run to support the UK Firm.

Drive innovation and also efficiencies e.g., through automation of processes and adapting emerging technologies.

Provision of appropriate management information to Digital Leadership, to the CISO; and to relevant KPMG Governance forums; and

Be a leader, role model and key influencer for Information Security within and outside KPMG.

 
Skills & Experience:

• High level of Emotional Intelligence and ability to exemplify the KPMG values (Integrity, Excellence, Courage, Together, For better) whilst showing true empathy and high support for colleagues under your leadership;
• Ideally educated to degree level in a business-related subject or equivalent experience in a business or IT environment.
• Previous experience of senior leadership in an Information Security environment.
• Ability to work positively, influence, and maintain strong working relationships with key stakeholders at all levels of Seniority, project teams, and 3rd party service providers.
• Strong leadership and management skills.
• Inclusive, no personal agenda, strives to deliver in the best interests of the firm and our clients and regulators
• Resilience with high focus on ‘getting things done’
• High energy, flourishes in fast paced, dynamic environments
• Calm in a crisis and able to recognise when people and teams need extra support
• Able to make a serious and complex subject easy to understand and fun to be a part of!
• Able to understand, support, and suggest additions and refinements to the wider objectives of the Digital Strategy, as well as the CISO’s Information Security strategy.
• Good knowledge of techniques for planning, monitoring, and sponsoring investment programmes (Agile and Waterfall) as a key customer.
• Good knowledge of budgeting and resource allocation procedures.
• Proven written and oral communications skills, and strong interpersonal skills that can be executed credibly to inspire confidence in you and the delivery of the project.
• A strong problem solver with a pragmatic and tenacious attitude to seek out resolutions.
• Experience of working in a Professional Services or Partnership environment would be advantageous.
• Currently holds, or is able to hold, UK Security Clearance  (SC)