KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients' needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you'll translate insights into action and reveal opportunities for all - our teams, our clients and our world.
Service Line Overview
KPMG's Information Protection Group (IPG), an internal service team under Quality & Risk Management (Q&RM), focuses on driving matters covering information security, privacy, data rights and movement management. The team ensures that expectations from our clients and regulatory bodies are addressed so that we stay competitive in our business.
This position will be based in Hong Kong and will primarily focus on managing audit and compliance, strategic execution, and communication with stakeholders, including senior management.
Key Responsibilities
Reporting directly to the Information Security Officer and Head of Technology Risk, the successful candidate will be responsible for:
- Managing internal and external information security audits and compliance reviews, including ISO 27001, ISO 27017, and ISO 27701.
- Ensuring compliance with firm policies, informed by risk assessment outcomes.
- Overseeing adherence to applicable information security laws and regulations across Chinese Mainland, Hong Kong, and Macao.
- Handling information protection queries from business units, authorities, and regulators.
- Executing the firm's agenda to enable business growth while maintaining robust information security standards.
- Delivering practical and strategic security recommendations that balance protection, operational needs, and business priorities.
- Collaborating with IT, technology teams, and business stakeholders to safeguard company information while supporting business development.
- Leading by example to foster teamwork, collaboration, and professional growth within the team.
Experience & Background
- Minimum 10 years of relevant experience in information security, including at least 5 years in a managerial capacity.
- Previous experience in a Big Four environment is advantageous.
- University degree in Information Technology, Computer Science, or a related discipline.
- Hands-on experience implementing and managing ISO 27001, ISO 27017, and ISO 27701, along with associated security frameworks.
- Professional certifications such as CISM, CISA, or CISSP are highly desirable.
- Proven experience in conducting risk assessments, addressing both technical controls and business risk exposure.
- Familiarity with China's MLPS 2.0 framework is preferred.
- Excellent written and verbal communication skills in English and Chinese (Cantonese and Mandarin).
- Strong time management, analytical, and organisational skills, with the ability to work independently and produce accurate, timely reports.
- Candidates with less experience may be considered for the Manager position.
About KPMG
At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.
We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients. To lead by example, we launched Our Impact Plan (OIP) which includes our ESG commitments and progress across four key pillars - Planet, People, Prosperity and Governance.
We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.
You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposes only. KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China's Online Privacy Statement and/or KPMG China Privacy Statement (collectively "Privacy Statement"). During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.
If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China's HR personnel in the location where your application is submitted [ see here ].