Associate Director – National Information Technology Security Officer/Privacy Liaison

The NITSO/PL will be responsible for the day-to-day protection of internal data and client data within the scope of KPMG’s operations in Caricom, which currently has several offices in Barbados and the Eastern Caribbean, Jamaica, and Trinidad and Tobago.

KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 145 countries and territories with close to 236,000 partners and employees working in member firms around the world.  KPMG in Caricom invites you to be part of our dynamic integration by becoming our Manager – National Information Technology Security Officer (NITSO).

The Caricom National Information Technology Security Officer and Privacy Liaison (NITSO/PL) is a key non-client facing senior management role within the KPMG Caricom Risk Management and Information Technology Services structure. The role is multi-faceted and requires an individual with a strong IT security, data privacy, and / or IT audit background, as well as outstanding collaboration and communications skills.

The NITSO/PL will report to our Chief Operating Officer (COO) and will also receive technical guidance from the KPMG Islands Group’s National Information Technology Security Officer and its Privacy Liaison.  The NITSO/PL will be responsible for the day-to-day protection of internal data and client data within the scope of KPMG’s operations in Caricom, which currently has several offices in Barbados and the Eastern Caribbean, Jamaica, and Trinidad and Tobago.

RESPONSIBILITIES 

• Reviewing, interpreting and following up the results of weekly scans of patching and anti-virus status across the end-user computing and server estates
• Monitoring the results of periodic CIVA scans and following-up as required
• Developing and maintaining security policies and procedures in compliance with ISO27001-influenced standards
• Managing the completion of the mandatory staff training for Information Security and Data Privacy
• Periodic reviewing of critical systems and controls in ensuring compliance with policy in the management of confidential and highly sensitive information
• Assisting with validating compliance with information security configuration standards
• Initial completion and ongoing maintenance of risk assessments, including vendor- and SDLC-perspectives
• Assisting with periodic Business Impact Assessments; and
• Responding to client-specific requirements relating to Information Security

QUALIFICATIONS & EXPERIENCE

The successful candidate should have:

• Bachelor of Science in Information Technology, Computer Science or a related discipline
• CISM or CISSP certification or considered equivalent
• Five years’ management experience in information security or IT audit
• A sound understanding of network security, firewall configuration, and physical security concepts
• A solid appreciation of IT risk management particularly applicable to third party and staff activities
• Experience in developing IT security policies and procedures, crisis management plans, and disaster recovery plans
• Experience in completing Risk Assessments

Desirable Experience and qualifications

• Experience with managing confidential and highly sensitive PII
• Prior experience in managing a Document and/or Records Management System
• Prior experience with managing Identity and Access Management solutions; and
• Any of ISO27001 (highly desirable), ISO27018, CRISC, ISO22301, CBCI, CIPP / E