Manager, Global Cloud Security Guardrails (GCSG) Assessment

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.

KPMG is currently seeking a Manager, Global Cloud Security Guardrails (GCSG) to join our Global Cloud Security Guardrails (GCSG) which is part of KPMG International.

Responsibilities:

• Plan, execute and report on assessments of cloud platforms against the Global Cloud Security Guardrails (GCSG)
• Provide feedback for risk treatment planning and remediation progress for gaps identified during the assessments, monitor and report on remediation progress
• Prepare management reporting on assessment results and potential risks
• Develop training and awareness materials and collaborate with other global, regional and local groups to raise awareness for the GCSG and deliver training
• Contribute to the development, maintenance and enhancement of the GCSG program framework, materials, process and procedures and the supporting technology solutions
• Provide SME input to overall efforts for GCSG automation (including deployment, monitoring and assessment)

Qualifications:

• Minimum 6 overall years of experience, with 4 years in information protection & cloud security experience within a corporate environment (global companies preferred)
• Bachelor's Degree from an accredited college or university or equivalent work experience
• Cloud technology and security certifications for Amazon Web Services (AWS) and Azure a plus, e.g. Microsoft Azure Solutions Architect Expert, Azure Security Engineer Associate, Microsoft DevOps Engineer Expert, CCSK, CISSP, CCSP, CISA, CEH, OSCP
• Good understanding of industry leading practices and standards on information technology and cloud security, including NIST 800-53, ISO 27001 and 27017, and cloud platform governance tools for Azure (e.g. Azure Policy, Blueprints, Azure Resource Graph etc.) and Amazon Web Services (AWS)
• Practical experience with ServiceNow Governance, Risk, and Compliance (GRC) Integrated Risk Management (IRM) administration and /or use: Strong experience planning, executing, managing and reporting skills for information security assessments of cloud platforms
• Good understanding of cloud security governance (preferably Amazon Web Services / AWS and Azure), cloud automation, infrastructure as code (ARM, Bicep, terraform etc.) and policy as code leveraging tools such as Azure Policy, Blueprints, Azure Resource Graph etc

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law. In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).