Information Protection GRC Expert

Find your purpose at KPMG Luxembourg

We see a world of opportunity. From uncovering ways to digitalize, to enabling new sectors to take off, to building sustainability and resilience into economies, we know insights reveal new opportunities for all.

We are diverse and dedicated problem solvers, part of the worldwide network of high-quality audit, tax and advisory services. 

We offer excellent career prospects that balance autonomy, flexibility, and responsibility. Our comprehensive benefits inspire our people to do and feel their best. 

Right now, we have more than 1800 employees from over 70 nationalities. Join our growing group of young and youthful innovators to uncover a world of opportunity together.

We are seeking for an Information Protection GRC Expert.

You will manage the Information Security Risk and Compliance program. Also, you will work with cross-functional teams and interface with third parties to support compliance and risk management activities.

What you will be working on

Compliance and Risk Management Leadership

• Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
• Coordinate the treatment of non-conformity with, and exceptions to, the Information Security Policy, norms and laws (ISO27001, GDPR).
• Address technical policy, compliance and regulatory issues.
• Provide efficient contract reviews.
• Contribute to the Firm’s RFP submission processes in the Security related sections of those processes.
• Stay abreast of regulatory and norm changes affecting KPMG Business and information Security (in particular ISO27000 series and GDPR).

Governance and Project Leadership

• Develop a risk decision framework to help understand critical areas.
• Work with Information Security Officer, NITSO and QRMP to build cohesive security and compliance programs.

Risk Management

• Establish Risk Management Framework Processes and Tools.
• Coordinate and perform the assessment and analysis of information security risks and monitors compliance with security standards and appropriate policies.

What we look for

• Bachelor or Master degree in IT – ideally with specialty in Information Security.
• At least 6 years of experience with information security concepts and practices with at least 2 years in a Compliance and/or Information Security Risk Management.
• Experience implementing ISMS frameworks in relation to ISO 27001.
• Experience with Information Security Risk Management Framework (ISO27005) and Tools.
• Knowledge of IT Domain (Infrastructure, software development and Data protection).
• ISO27001 Lead Implementer, ISO27005 Risk manager certification.
• Project management skills.
• CISSP, CISM or similar certifications could be an important asset.
• English is mandatory. French is considered as an asset.
• Details and results oriented.
• Strong writing skills.
• Strong organizational, multi-tasking, and time management skills.
• Ability to speak and communicate effectively and in diplomatic manner across all levels of the organization.
• Good influencing and negotiation skills.
• Ability to work independently and within a team.
• Business/client oriented.

What will you get

We offer more than jobs. With our flexible work model, you can enjoy work and rest and recharge. Our competitive compensation packages, paid time away from work, recognition bonuses and dedicated programs for personal development and wellbeing help to keep everyone refreshed and motivated.

By submitting your resume and application information, you authorize KPMG to transmit and store your information in the KPMG recruitment database, and to circulate that information as necessary for the purpose of evaluating your qualifications for this or other job vacancies.

KPMG is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. Our recruiting decisions are based on your experience and skills.