Information Risk Assistant Manager

  • Anywhere


Job description
Title: Information Risk Assistant Manager (Grade D)
Business unit: Information Risk, Information Assurance

The Team
The role holder will be a key assistant manager in the Information Assurance team, supporting the information risk and reporting aspects of Information Assurance. The role holder will be responsible for helping to implement the Information Risk Management framework, including providing the status of information risk and compliance across the firm, managing risk reporting and supporting the ISMS methodology documents for the UK firm’s ISO 27001 certification.

The Role
Risk management
• Support the development of the firm’s Information Risk Management framework, including the day-to-day processes and artefacts, and providing requirements as input for GRC tooling and solution design
• Coordinate GRC tooling architecture and platform changes that may impact the Information Risk Management framework
• Assist with reviewing the output of the Information Risk Management framework implementation, operations, audit and compliance checks to ensure the framework is operating as designed
• Communicate with UK Enterprise Risk Management (ERM) resources to ensure alignment and integration
• Identify and propose improvements to the Information Risk Management framework based on changes in requirements (e.g. KPMG global requirements, ISO 27001, Cyber Essentials, audit findings, information security strategy, etc.) and emerging challenges
• Monitor information security risks captured within Information Assurance, which may be populated from multiple information security risk sources (e.g. the Risk Assessment team), and help run the day-to-day operations of the Information Risk Register
• Support the Information Risk Management framework operations, management and governance bodies to allow them to assess the Information Security risk position on a regular basis with an Information Security view and with input across KPMG UK where feasible
• Support any Information Risk Management framework communications outside of the Information Security function
• Foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, escalating issues as necessary
• Support the firm’s mission to build client trust and confidence with regard to information security
• Stay abreast of industry best practice in relation to information security governance, risk & compliance

• Assist with coordinating the formal governance review required to support the firm’s Information Security Management System
• Coordinate governance alignment with the UK ISO 27001 information security management system
• Support the relationship with GRC tooling providers (currently SureCloud and ServiceNow)
• Support the Information Risk Manager in making the Information Assurance risk governance bodies effective
• Provide information risk management input into Capability and Regional risk agendas as required

• Assist with the creation and provision of meaningful and actionable information risk reporting and dashboards, including changes to the current information risk position related to policies owned by the Head of Information Assurance
• Coordinate with wider information security reporting to ensure risk reporting aligns and supports wider information security communications standards

• Contribute to the development and implementation of the KPMG UK information security policies across the firm and ensure changes to policies are integrated into the Information Risk Management framework and Information Security Management System
• Contribute to policy compliance and oversight activities, including audits
• Promote good information security practice and standards across the firm

Awareness and collaboration
• Establish strong relationships with first line of defence stakeholders, as relevant to role
• Establish strong relationships with other relevant stakeholders, including ISTP workstream leads
• Build on and preserve the firm’s reputation with clients, with regard to information security

The Person
Technical knowledge and qualifications
• Experience of information security in a risk management capacity
• Strong working knowledge of information security standards (e.g. ISO 27001, ISO 27005, ISO 31000, Cyber Essentials, ISF Standard of Good Practice for Information Security, ISF IRAM, NIST Cybersecurity Framework, CIS Top 20 Controls, etc.)
• Subject matter expert in information risk management
• Understanding of privacy requirements (including GDPR, ISO 27701, etc.)
• Good knowledge of legal and regulatory requirements impacting information security
• Ability to communicate clearly and simply, both verbally and in writing
• CISSP certification and/or CISM desirable

Leadership skills
• Experience of leading and inspiring others, providing guidance, mentoring and planning
• Strong influencing skills
• Ability to prioritise and manage a complex workload, including multiple tasks for themselves

Analytical skills
• Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions and recommendations
• Ability to understand business drivers and risk appetite and to align information security compliance accordingly
• Experience of leading projects
• Problem solving skills

Personal qualities
• A self-starter, with a proven need for excellence
• A good team player
• Good interpersonal skills and ability to communicate effectively with stakeholders at all levels
• Multi-cultural awareness and sensitivity
• Strong integrity, independence and resilience
• Excellent attention to detail, combined with strategic vision

To apply for this job please visit