Job description
The Security Transformation Specialist role is pivotal to the sustainable growth of the Cyber Strategy service area within the UK, supporting the delivery of cyber strategy and risk services to a broad range of Defence & National Security clients.
Description of the role
The role will deliver the following activities:
1. Manage large / complex cyber strategy and risk engagements to clients, leading on multiple workstreams of work and / or managing the delivery of other managers within the team.
2. Build and developing lasting client relationships and actively build a network and range of experience to help address client needs
3. Building relationships across KPMG’s capabilities and our global member firms to bring innovation to our clients, including the development of new channels for joint pursuits (e.g. Technology Strategy, Internal Audit, ERS)
4. Work with the leadership team to identify and support sales pursuits for Cyber Strategy and risk opportunities to grow our business
5. Support the development of our people as a performance manager, coaching and develop the team around you, and promoting and support a culture of learning and development across the team.
6. Knowledge, Skills and Experience with managing UK Government and/or UK Defence Secure by Design (SbD) implementation and practices, including risk and threat assessments, planning and monitoring and stakeholder management and continuous assurance, is essential.
7. The role will also have opportunities to support our Leadership team as we continuously evolve our strategy, help create, build and evolve our propositions as part of our investment into our capabilities, and create and be recognised for Thought Leadership that supports our market messaging.
Role dimensions
The Security Transformation Specialist is a senior delivery role, and will be responsible for managing multiple teams or workstreams across multiple clients, in some cases managing other managers within the team.
The role requires a high level of stakeholder interaction and challenge, including:
8. Internal stakeholders: business development teams, sales teams, delivery teams, technical development teams, Quality and Risk Management, joint proposition service area leaders.
9. External stakeholders: client stakeholders and decision makers for purchasing the product and / or services related to the product, across a range of sectors and industries,
Experience
Specific to the role, the Security Transformation Specialist role should be able to demonstrate proficiency across a number of the following skills and experience:
10. Defining cyber security strategies, considering an organisation’s business and technology objectives and aligning future capabilities to the needs of the organisations
11. Defining and implementing cyber risk management frameworks, considering the complexity of multiple regulatory and sector-specific requirements clients may have on them.
12. Cyber risk assessments of complex environments (e.g. multi-platform, multi-cloud, multi-sector type clients).
13. Articulation of cyber risk to a broad range of technical and non-technical cyber stakeholders, including executive / board / audit committee audiences.
14. Assessing Cyber Security Target Operating Models (TOMs), considering all aspects of a modern TOM including people, processes, technologies, service delivery models, governance structures, and metrics and reporting
15. Creating business cases for cyber security investments and securing stakeholder commitment to cyber improvement programs
16. Managing the delivery of strategic cyber security programs, including project management activities, stakeholder reporting and monitoring of delivery outcomes
17. Understanding and delivery experience with leading security frameworks (i.e National Institution of Standards Technology Cyber Security Framework (NIST CSF), ISO27001:2013/2022, National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), Capability Maturity Model Integration (CMMI).
18. A working understanding of security architecture principles
19. A working understanding of cyber security governance models
20. A working understanding of regulatory requirements (NIS, GDPR etc) of organisations in individual sectors.
More generally, we expect that you will have:
21. Proven experience leading work at sustained levels of high quality, including inspiring drive and resilience in others
22. Excellent written and verbal communication skills
23. Excellent presentation and influencing skills
24. An ability to develop excellent relationships both internally and with clients at a senior level