Assistant Manager - Information Risk Assessment

Job Details: Location: Bengaluru Key Activities include:

• Conduct Information Security Risk assessments of the technologies and suppliers in line with KPMG requirements.
• Ensure appropriate information security contractual clauses are used in any supplier contracts.
• Work within agreed timescales, and keep the Information Risk Assessments on track within agreed SLA’s with business stakeholders.
• Support the Information Risk Assessment Practice Lead in the delivery of core services, improvements and value add activities to ensure the ongoing success of the Information Risk Assessment team.

• Perform risk assessments of projects, suppliers and hybrid (technology projects with a supplier),, managing demand and prioritising assessment appropriately.
• Review and interpret findings from technical assessments, penetration test reports, contractual clauses and other artefacts which support the identification of risks.
• Provide process guidance, progress updates and other communications as part of effective stakeholder management.
• Provide advice on how implementation of the firm’s information security policies and effective risk management associated with initiatives being subject to assessment.
• Support the firm’s mission to build client trust and confidence with regard to information security generally and information risk assessment specifically
• Stay abreast of industry best practice in relation to information risk assessments
• Support the delivery of a high-quality and timely information risk assessment service to the firm.
• Promote good information security practices and standards.

• Proactively foster an environment that drives appropriate information risk control behaviour, including early anticipation, identification and mitigation of information risk, as well as escalation of issues in line with the Information Risk Management Framework.
• Support the ongoing development and maintenance of the firm’s Information Risk Management Framework, including its supporting methodologies, processes and artefacts.

• Working with Project Team and requestors to ensure the accuracy of Risk Assessment forms, managing expectations, clarifying timelines and obtaining artefacts for the Risk Assessment Process.
• Ensure teams understand the Information Risk Assessment process and manage the process for specific assessments.
• Support the Information Risk Assessment team with other ad hoc work as required.

• Establish strong relationships with business, functional teams and other relevant stakeholders
• Build on and preserve the firm’s reputation with third-party suppliers around information security

• Relevant experience of information security risk assessments or demonstrably transferable exposure.
• Working knowledge of industry best practice around information security controls covering: cloud security, network security, application security, encryption, information security testing, vulnerability management, access governance, and SaaS assurance.
• Familiarity with information security standards (e.g. Cyber Essentials, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls).
• An understanding of personal data and privacy.
• Security certifications desirable

• Strong analytical and problem-solving skills, with excellent attention to detail.
• Proven ability to identify and articulate information security requirements, risks and issues, and formulate clear decisions and recommendations.
• Ability to understand business drivers and risk appetite, in order to make informed risk assessment decisions.