KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our
clients' needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you'll translate insights into action and reveal opportunities for all-our teams, our clients and our world.
Service Line Overview
KPMG's Information Protection Group (IPG), an internal service team under Quality & Risk Management (Q&RM), focuses on driving matters covering information security, privacy, data rights and movement management. The team is to ensure expectations from our clients and regulatory bodies are addressed to stay competitive in our business.
This position will be based in Hong Kong and primarily focus on managing audit and compliance, strategic execution, manage communication with stakeholders including senior management.
Key Responsibilities
Report directly to the Information Security Officer and Head of Technology Risk on information security matters, the position will:
• Manage internal and external information security audits and compliance reviews including ISO27001, ISO27017 and ISO 27701.
• Ensure compliance with firm policies based on risk assessment results
• Ensure compliance applicable information security laws and regulations across Chinese Mainland, Hong Kong and Macao.
• Handle information protection queries from business units and authorities /
regulators.
• Execute the firm's agenda to enable business while maintaining strong information security
• Deliver security recommendations that balance information security, operational needs and business requirements.
• Partner with first-line IT, the technology group and business teams to safeguard company information while enabling business development and strategy
• Lead by example to foster collaboration and growth within the team
Experience & Background
• Minimum 10 years of relevant experience in the information security industry including at least 5 years in a managerial role.
• Prior experience in a Big 4 environment is a plus.
• University degree in information Technology, Computer Science, or a related discipline.
• Hands-on experience managing ISO27001, ISO27017 and ISO 27701, and relat4ed security frameworks.
• Professional certifications such as CISM, CISA and CISSP are highly preferrable
• Hands on risk assessment experience that addresses both technical controls and actual business risk exposure.
• Experience with China's MLPS 2.0 is preferred.
• Excellent written and spoken communications skills in English and Chinese (Cantonese and Mandarin)
• Good time management and analytical skills; able to work independently and provide accurate, timely reporting and management.
• Candidates with less experience will be considered for the Manager position
About KPMG
At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.
We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients. To lead by example, we launched Our Impact Plan (OIP) which includes our ESG commitments and progress across four key pillars - Planet, People, Prosperity and Governance.
We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.
You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposed only. KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China's Online Privacy Statement and/or KPMG China Privacy Statement (collectively " Privacy Statement"). During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.
If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China's HR personnel in the location where your application is submitted [ see here ].
23286980