This role will liaise with IT and other business representatives to ensure project pipelines are understood and reflected in IT Risk & Security's resource planning.

***Only applications submitted via the link at APPLY HERE 

immediately below will be considered.***

OVERVIEW:

KPMG Jamaica has a delivery center named "Jamaica Extended Support Services (JESS)" operating from Kingston, which is contracted to provide office support to its member firm KPMG United States ("the Client").

​

JOB SUMMARY:

This role will liaise with IT and other business representatives to ensure project pipelines are understood and reflected in IT Risk & Security's resource planning. They will participate in skills development activities for information security personnel, continuously improve security aspects of operating processes, and perform information security risk assessments of technology-enabled projects on a periodic schedule.

​

JOB RESPONSIBILITIES

​Service Delivery

• Apply a fundamental understanding of information security to perform information security risk assessments of technology enabled projects against industry standard or firm-specific control frameworks. Activities may include a variety of techniques, including vendor reviews, security requirement definition, and facilitation of security testing and management of residual risk.
• Participate in skills development activities for information security personnel related to security best practices; Continuously improve the security aspects of operating processes.
• Perform cyber security risk assessments of technology enabled projects with standard levels of complexity. Activities include vendor reviews, security requirement definition, facilitation of security testing and management of residual risk.
• Utilize knowledge and understanding of application architecture, design and development and secure coding principles and emerging standards to identify findings and clearly communicate risks and possible remediation
• Advise and assist project teams regarding compensating control alternatives where security requirements cannot be met
• Serve as the primary point of contact between IT project teams and IT Security groups to ensure that appropriate security resources are scheduled, and that security-related project objectives and timelines are met. Review evidence provided to close corrective action plans, ensuring that it meets the control objectives.
• Strong verbal/written communication, collaboration, analytical and presentation skills to lead an environment driven by customer service and teamwork. Experience leading meetings and operating effectively in a matrixed environment.

  ​

  EDUCATION/EXPERIENCE

• Bachelor's Degree in Information Technology or a related field from an accredited educational institution, OR equivalent Professional Accreditation.
• Certifications in CISSP or CISA preferred
• Minimum of three (3) years of relevant work experience in information security assessment or compliance
• Has firm grasp of security principles, IT security controls and related technologies and products
• Familiar with NIST 800-53, NIST 800-171, NIST 800-66, CMMC, NIST Framework, ISO, HITRUST, PCI, and/or other relevant control frameworks

 SPECIAL CONDITIONS

• Expected to work in a fast-paced team environment.
• Will be working primarily in a paperless environment and expected to be using information systems for the entire workday to access data or perform activities.
• May be required to work extended hours periodically or on public holidays.

Is this job for you?

If YES, please view the Job Description and APPLY on our job webpage immediately below:

Information Security Project Specialist APPLY HERE .

Learn more about JESS here: K-JESS Homepage    

© 2024 KPMG, a Jamaican partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.