Manager, Cloud Attestation, Tech Assurance Management (SOC2)

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today’s most important industries. Our growth is driven by delivering real results for our clients. It’s also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it’s no wonder we’re consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you’re as passionate about your future as we are, join our team.

KPMG is currently seeking a Manager, Cloud Attestation, Technology Assurance Management to join our Global Information Technology Group which is part of KPMG International.

Responsibilities:

• Plan for and coordinate multiple Service and Organizations Controls (SOC) 2 readiness assessment and examination streams for several business and technology areas, coordinate auditor and key stakeholder meetings, gather requested evidence, track and reporting on progress and provide updates to stakeholders
• Work closely with technology and business stakeholders to clarify compliance requirements and drive implementation of process improvements, provide leading practice and current guidance to control owners, assist in ensuring that controls are appropriately designed and effective and formally documented following global policies
• Prepare executive management reporting on SOC2 efforts status, support the management of project risks
• Oversee activities to ensure that audits are planned in advance, considering scope overlaps, stakeholder outreach and resource limitations and managed according to procedures; develops and implements PMO processes
• Identify themes in information protection audit observations and suggests solutions to efficiently address based on industry experience, leading practices and global technology group context
• Collaborate with other ITS Global teams, advising on suitable approach for auditable information protection practices and audit success, while ensuring minimum burden on business-as-usual activities

Qualifications:

• Minimum five years of experience in information protection, including leading and / or managing information protection controls assessments, such as those based on ISO27001, ISO27017 and SSAE18 / System and Organization Control 2 / SOC2 for cloud platforms (internal and / or external assessments)
• Bachelor’s Degree from an accredited college or university or equivalent work experience
• Strong SOC2 and IT operations knowledge; ISO27001 and ISO27001 standards, cloud security knowledge, certifications such as CISA or Certified ISO 27001 Lead Auditor a big plus
• Program and project management skills and experience with proven track record of leading multiple projects or programs, through the management of teams of cross-discipline specialist
• Experience with senior stakeholder management (including ability to efficiently articulate challenges), executive reporting, ability to apply forward thinking mindset, develop service strategy and understand business impact within a global team
• Strong cloud information protection audit experience that includes scoping, planning, performing, managing, reporting and remediation monitoring activities

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm’s compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

At KPMG any employee, partner or contractor must be fully vaccinated or have a reasonable accommodation for COVID-19 in order to go to any KPMG office, or to work on or in association with a federal contract (unless prohibited by applicable law).