Global Digital Risk Policy Senior Manager – KPMG UK
Job Details
* Location: Birmingham, Cardiff, Edinburgh, Gatwick, London, Manchester, Reading, Watford
* Capability: International
* Experience Level: Senior Manager
* Type: Full Time
* Service Line: International
* Contract type: Secondment
About KPMG International
Together with more than 273,000 colleagues in 143 countries, we imagine big ideas and bring solutions to life for clients both large and small. A role with KPMG International opens a world of opportunity in your career. We set strategy and protect the reputation of this global organization of independent professional services firms providing Audit, Tax and Advisory services. We deliver value to our member firms and drive positive change in the communities we serve.
About this Global Group
Global Quality & Risk Management (GQ&RM) protects the KPMG brand and reputation by dealing with live issues and learning from challenges across the network. GQ&RM develops globally consistent quality and risk management policies, monitors compliance and quality of delivery across all three functions.
About this Team
Global Digital Risk Team (GDR) is responsible for the development, maintenance, and assurance of the Firm’s critical global information protection policies and controls. As 2nd Line of Responsibility (2 LOR), GDR also conducts governance, assessment and monitoring to produce insights into known and emerging Digital Risks.
The GDR Policy team develops, communicates and maintains policies covering information risk, security and privacy.
Role Summary
The Policy Lead drives the development and maintenance of Global Information Security Policies and Security Standards, ensuring alignment to industry frameworks and regulatory expectations.
Key Accountabilities
Policy Management
* Subject matter expert for GDR Policy – develop and update KPMG Global Digital Risk Policies, aligning with ISO and NIST standards.
* AI delegate representing GDR on the Global AI Trusted Design Authority Working Group and the GQ&RM AI Taskforce.
* Manage resources supporting Policy Portal Maintenance and the Policy Exceptions Process.
* Oversee the Policy Exceptions Process, ensuring timely reviews and decisions in line with policy.
Policy Governance
* Lead the GDR Information Protection Policy Working Group (IPPWG) – review, update and vote on policy materials.
* Coordinate ratification and communication of new or updated materials to formal governance bodies such as the Policy Development Working Group and the GQ&RM Steering Group.
* Prepare pre‑read materials and special alerts to communicate updates to member firms.
Compliance and Attestations
* Support routine compliance, attestations and certification audits (ISO27K, SOC2, SoQM, IPCR).
* Assist with KPMG’s Cyber Insurance submissions and related questionnaires.
Stakeholder Management
* Maintain one‑to‑one calls with IPPWG members to discuss feedback and questions.
* Represent GDR on security standards working groups; review standards for compliance with policy.
* Respond to AI policy requirements from an information‑security perspective.
Supporting GDR
* Provide advice on information-protection priorities, including AI-related matters to KPMG functions, business lines and member firms.
Experience / Knowledge / Qualification
* Proven experience in policy writing, development, management, or compliance in areas such as information security, information protection, risk management or AI.
* Strong analytical skills, ability to research, interpret and translate technical information into well‑written policy.
* Deep knowledge of cyber risks, threats, security principles and best practices; experience analysing emerging digital risks is highly desired.
* In‑depth knowledge of ISO 27001, NIST 800‑53, Cloud Control Matrix, COBIT.
* Experience supporting attestations and certifications such as ISO 27001, SOC2, SoQM.
* Excellent writing, moderation, negotiation and communication skills.
* Bachelor’s degree in an appropriate subject or equivalent work experience.
* Professional qualifications (CISSP, CISM, CRISC) desirable but not essential.
Agile/Flexible Working
We support flexible arrangements to help you balance home and work demands. Discuss individual requirements with us.
KPMG International’s Commitment to Inclusion & Diversity
We recognise the need for inclusion and diversity to be successful. We attract, retain, and develop diverse talent at all levels and foster an inclusive environment that empowers everyone.
Applying with a Disability
KPMG International is proud to be inclusive and committed to fair treatment. If successful after the initial application, discuss any reasonable adjustments with your recruitment contact.
#J-18808-Ljbffr