OVERVIEW:
KPMG Jamaica has a delivery center named "Jamaica Extended Support Services (JESS)" operating from Kingston, which is contracted to provide support to its member firm KPMG United States ("the Client").
JOB SUMMARY:
Experienced IT Risk and Compliance Manager needed to develop and execute comprehensive IT and Security Risk Management measures. This role requires in-depth knowledge of risk, compliance, and information security, with the ability to enable informed, risk-based decisions across various categories of risk. The ideal candidate will be skilled in fostering trust-based relationships, evaluating risk-reduction activities, and communicating effectively with leadership.
JOB RESPONSIBILITIES
Service Delivery
•Apply a thorough knowledge of risk, compliance, and information security to develop and execute a multi-disciplined IT and Security Risk Management implementation plan, with the ability to enable leadership to make informed, risk-based decisions across disparate categories of risk, e.g., stability, operations, cyber, information handling, physical security, resiliency.
•Foster trust-based relationships with peers and leaders. Evaluate risk reduction and mitigation activities to continually drive towards risk reduction methodologies.
•Analyze the impacts of critical risks, define criteria to make risk tradeoffs, and make recommendations to leadership to minimize overall risk posture.
•Defend KPMG's security capabilities to external entities as needed.
•Evaluate the changing operating landscape and determine its impacts on organizational risks, obligations, and external expectations.
•Recommend changes to risk approach to ensure consistency with current IT and security best practices.
•Work with second and third lines of defense to ensure organizational risk and internal audit measures and evaluate the appropriate risk areas.
•Perform all activities from start to end associated with a risk assessment/analysis, from risk identification through analysis, evaluation, and treatment.
•Communicate results of the risk assessment/analysis to all levels of leadership.
•Create executive-level presentations and dashboards to present on Key Risk Indicators (KRI).
•Work with risk owners to ensure progress is being made and tracked regarding longstanding risks and remediation tasks.
•Maintain a proactive risk management approach by ensuring that new risks are appropriately assessed, documented, and addressed through remediation, if applicable.
EDUCATION/EXPERIENCE
•Bachelor's Degree in Computer Science, Business Management or a related field from an accredited educational institution
•Minimum of five (5) years of relevant work experience
•Experience in a professional services organization with related experience in IT risk and controls preferred
•Demonstrated understanding of disparate compliance frameworks and risk management principles, as well as experience making decisions to optimize overall operational risk.
•Ability to analyze and synthesize technical data and convey it to non-technical audiences.
•Understanding of key business objectives and how to balance business objectives against IT risks.
•Strong verbal/written communication, problem solving, analytical and independent judgment skills to support an environment driven by customer service and teamwork. Ability to positively influence, mentor and be a credible source of knowledge to less experienced team members.
•Primary familiarity with the Five Lines of Defense model for managing risk.
•Proficient in IT risk assessments, IT controls testing, evaluation of control evidence, identification of control deficiencies and facilitating the collaboration of remediation processes.
•Proficient with risk documentation, including formalized risk registers, GRC frameworks and tools.
•Ability to adapt to structured and unstructured ways of working in a changing and growing environment.
•Capable of building strong professional relationships with ability to influence all levels across the organization, without direct reporting authority.
•Must be able to execute against strategic initiatives for the team.
•Creative thinker with ability to identify innovative business solutions
•Strong PowerPoint and executive presentation skills.
•Prior experience of using ServiceNow & the Integrated Risk Management modules is a plus
•Knowledge of developing and using tools/solutions such as Power BI, Power Platform, Power Automate, MS Forms, and Access is a plus.
•CRISC, CISM, CISA, or CISSP or equivalent level of experience preferred
COMPETENCIES
Business Competencies
•Communication - Delivering clear, effective communication and taking responsibility for understanding others.
•Customer Service - Demonstrating a commitment to public service, serving internal and external customers while holding oneself accountable for quality outcomes.
•Collaboration & Teamwork - Working cooperatively with others, inside and outside the organization, to accomplish objectives. Building and maintaining mutually beneficial partnerships while leveraging information and achieving results.
•Stakeholder Management - Capable of building strong professional relationships with the ability to influence all levels across the organization
Technical Competencies
•Risk Management – Plans and implements measures to avoid, overcome or compensate for risk elements.
•Data Gathering and Analysis – Seeks or collects and synthesizes information from a variety of stakeholders and sources in an objective, unbiased manner to reach a conclusion, goal, or judgment and to enable strategic and leadership decision-making.
•Problem-Solving – Identifies problems and uses logic, judgment, and data to evaluate alternatives and recommend solutions to achieve the desired organizational goal or outcome.
SPECIAL CONDITIONS
•JESS uses a hybrid work model, allowing staff to work from home in Jamaica or in the office. Employees must be in the office at least five days per month, with more days possible if required by business needs.
•You are expected to use KPMG-approved Generative AI tools to support your daily work tasks.
•Expected to work in a fast-paced team environment.
•Will be working primarily in a paperless environment and expected to be using information systems for the entire workday to access data or perform activities.
•May be required to work extended hours periodically or on public holidays.
© 2026 KPMG, a Jamaican partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.