Digital Security and Compliance Contractor - English Speaker (F/H)

Vos Challenges

As a Digital Security and Compliance Contractor, you will play a key role in supporting the organization’s Digital security and compliance initiatives and ensuring compliance with relevant regulations, policies and standards.
You will act as the first line of defense, Implements the information security strategy ensuring alignment with Digital Solutions, and enforces Compliance while mitigating Digital risks.
You will conduct Risk assessment and security review, assist in the development of processes, and facilitate training programs to promote a culture of security awareness across the organization, thereby enhancing the overall security posture.
You will work closely with cross-functional teams to identify security risks, implement security measures, and ensure adherence to compliance requirements, thereby safeguarding the organization’s information and technology infrastructure.

KEY ACCOUNTABILITIES:

1. Compliance with Security policies/standards
• Ensure adherence to and compliance with Security policies and security Standards.
• Collaborate with other teams to guarantee consistent implementation of relevant security controls across the organization.
• Coordinate the treatment of non-compliance and exceptions to the Information Security Policy, standard, regulation, and laws (ISO27001, GDPR, DORA, EU AI Act…).

2. Risk Assessment
• Conduct regular security assessments to identify vulnerabilities and risks within the digital environment.
• Support the risk assessment process by facilitating and following up on the implementation of mitigation strategies.
• Develop and implement risk mitigation strategies to address identified security threats.

3. Technology/Security Review
• Review and approve significant changes to Digital solution, technology, and cloud environments.
• Analyze requests for policies and standard exceptions.
• Review and approve software and firewall requests.

4. Audit support
• Collaborate with auditors to facilitate audit processes and address any findings or recommendations.
• Support internal and external audits related to Digital Security and Compliance, by providing security-related documentation and technical details.
• Support and follow up remediation activities within agreed timelines.

5. Compliance Monitoring & Reporting
• Monitor the compliance posture with information security policies, standards, contractual agreements, laws, and regulatory requirements through effective metrics and reporting.
• Prepare compliance reports to stakeholders, emphasizing areas of concern and providing recommendations for improvement.

6. Client Inquiry and Compliance Management
• Engage in the preparation and review of responses specifically addressing digital and security-related questions in RFPs, RFIs, and due diligence inquiries.
• Ensure that client requirements, as outlined in contractual agreements, are met, and effectively implemented.

7. Training & Awareness Programs
• Develop and deliver training sessions on digital security best practices and compliance requirements for employees at all levels.
• Foster a culture of security and compliance by design within the organization.

8. Knowledge Management
• Collaborate with stakeholders to facilitate the development and review of policies and processes, ensuring the integration of security requirements by design at every step.
• Ensure that policies and processes are effectively communicated and understood throughout the organization.

Votre Profil

TECHNICAL SKILLS & QUALIFICATIONS:

• Familiar with security frameworks (e.g., ISO 27001, ISO27005, NIST) and compliance regulations (e.g., GDPR, DORA, EU AI Act…).
• Knowledge of IT domains (Infrastructure, software development, Cloud, Artificial Intelligence and Data protection).
• Ability to develop processes that ensure high data quality.
• Ability to work collaboratively with cross-functional teams.
• Ability to work under pressure.
• Strong organizational, multi-tasking and time management skills.
• Detail-oriented and results-driven.
• Strong writing and communication skills.
• Effective communication across all organizational levels in a diplomatic manner.
• Ability to work independently as well as within a team.
• Business/client-oriented mindset.

EXPERIENCE & KNOWLEDGE:

• Master’s degree in Cybersecurity, Information Technology, or a related field.
• 5-7+ years of experience in Digital security, compliance, or a related area.
• Experience implementing ISMS frameworks in relation to ISO 27001.
• Experience with Information Security Risk Management Framework (ISO27005) and tools.
• ISO27001 Lead Implementer and ISO27005 Risk Manager certifications.
• CISSP, CISM, or similar certifications are considered an asset.

Votre environnement de travail

KPMG is a global organization of independent professional services firms providing Audit, Tax and Advisory services. KPMG is the brand under which the member firms of KPMG International Limited (“KPMG International”) operate and provide professional services. “KPMG” is used to refer to individual member firms within the KPMG organization or to one or more member firms collectively.

KPMG firms operate in 145 countries and territories with more than 236,000 partners and employees working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such. Each KPMG member firm is responsible for its own obligations and liabilities.