Job Description
Lead Specialist, Governance, Risk, & Compliance
Overview
KPMG Advisory practice is a fast-growing area with strong client demand. We are adaptable and collaborative, offering opportunities for learning, career development, and growth. If you are looking for a firm with a strong team connection where you can grow professionally and personally, consider a career in Advisory.
Responsibilities
- Provide strategic oversight and governance for GRC platforms, ensuring requirements, incident management, enhancement support, and platform maintenance operate efficiently to support GRC functional workstreams; oversee an offshore continuous controls monitoring program to validate the ongoing effectiveness of key controls
- Maintain a comprehensive risk register, conduct regular risk assessments and mitigation planning; lead independent, targeted risk assessments on high-risk areas and oversee the 1st Line's mitigation planning to address root causes; act as a key point of contact for risk discussions with clients, translating risks related to new laws, regulations, technology, or merger/acquisition activity into business impact
- Develop and manage compliance programs, maintain regulatory compliance calendars, and update policy standards; ensure client IT risk and control framework principles align with best practice standards including COBIT, NIST CSF, ISO 27001, and ITIL
- Oversee offshore development and maintenance of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs); translate complex risk and control data into clear narratives for leadership; present to client leadership the quality risk posture reports, dashboards, and governance committee materials
- Supervise offshore execution of assessments to help clients prepare for new regulatory requirements (PCI, HIPAA, NIS2, GDPR, SOX, and more) and supervise offshore support of clients' controls readiness for major technology changes (product upgrades, platform migrations) and merger/acquisition activity
- Build and maintain strong, collaborative relationships with 1st Line operational teams, onshore GRC counterparts, and client leadership; act as KPMG lead with internal and external audit groups; oversee offshore facilitation of audit fieldwork and the issue management lifecycle
- Develop and conduct regular training sessions and awareness campaigns, including e-learning modules to enhance organizational GRC knowledge; support business continuity and disaster recovery planning and testing; contribute to budgeting, resource allocation, and performance development of staff; lead multiple managed services projects and support KPMG's Managed Services solution development
- Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment
Qualifications
- Minimum five years of recent risk and compliance experience within a large professional services environment specializing in cybersecurity
- Bachelor's degree in information technology, cybersecurity, business administration, or related field; professional certifications such as CISSP, CISM, CRISC, or equivalent preferred
- Strong experience with client interactions, written and verbal communication; proven ability to manage client relationships and deliver high-quality service in a managed services context
- Familiarity with audit testing, evaluation of control evidence, identification of control deficiencies, and remediation processes; experience with NIST, ISO, HIPAA, GDPR, and other IT, Privacy and Information Security Frameworks
- Experience with GRC platforms such as Archer, ServiceNow GRC, or MetricStream; ability to manage multiple projects and deadlines in a fast-paced environment; strong problem-solving and organizational skills
- Excellent verbal and written communication, analytical and independent judgment skills; ability to influence, mentor, and build trusted relationships with peers and leadership
- Ability to travel as required
- Authorized to work in the U.S. without sponsorship now or in the future
KPMG is an Equal Opportunity Employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship status, disability, or protected veteran status.
Position Details
- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: General Business
Los Angeles County applicants: material job duties are listed above. California Fair Chance Act and related ordinances apply where required.