KPMG US

Lead Specialist, Governance, Risk, & Compliance

KPMG US, Kansas City, Missouri, United States, 64101


Overview

KPMG Advisory’s Managed Services practice is seeking a Lead Specialist, Governance, Risk, & Compliance. The role involves providing governance and oversight for GRC platforms, developing and managing compliance programs, and collaborating with client leadership and offshore/onshore teams to support regulatory requirements and risk management.

Responsibilities

Provide strategic oversight and governance for GRC platforms, ensuring requirements, incident management, enhancement support, and platform maintenance operate efficiently to support GRC functional workstreams, and oversee an offshore continuous controls monitoring program to validate the ongoing effectiveness of key controls.

Maintain a comprehensive risk register and conduct regular risk assessments and mitigation planning; lead independent risk assessments on high-risk areas and oversee the first line’s mitigation planning to address root causes; act as a key point of contact for risk discussions with clients, translating risks related to new laws, regulations, technology, or merger/acquisition activity into business impact.

Develop and manage compliance programs, maintain regulatory compliance calendars, and update policy standards; ensure client IT risk and control framework principles are grounded in best-practice standards including COBIT, NIST CSF, ISO 27001, and ITIL.

Oversee offshore development and maintenance of KPIs and KRIs to measure the health of the control environment; translate complex risk and control data into clear narratives for leadership; present quality risk posture reports, dashboards, and governance materials highlighting key risks, control deficiencies, and remediation progress.

Supervise offshore execution of assessments to help clients prepare for new regulatory requirements (PCI, HIPAA, NIS2, GDPR, SOX, and more) and offshore support of clients’ controls readiness for major technology changes and M&A activity; assess impact and required control modifications.

Build and maintain strong, collaborative relationships with first-line operational teams, onshore GRC counterparts, and client leadership; lead engagement with internal and external audit groups; oversee offshore facilitation of audit fieldwork and the issue management lifecycle to document, assign ownership, and track resolution of control deficiencies and audit findings.

Develop and conduct regular training sessions and awareness campaigns, including e-learning modules; support BCDR planning and testing; manage resource allocation and budgeting; provide performance development for staff; lead multiple managed services projects and support solution development and go-to-market initiatives.

Act with integrity and professionalism to uphold KPMG’s respectful work environment.

Qualifications

Minimum five years of recent risk and compliance experience within a large professional services environment specializing in cybersecurity.

Bachelor’s degree in information technology, cybersecurity, business administration, or a related field; professional certifications such as CISSP, CISM, CRISC, or equivalent preferred.

Strong client interaction skills (written and verbal); proven experience managing client relationships and delivering high-quality service in a managed services context.

Familiarity with audit testing, evaluation of control evidence, identification of control deficiencies, and remediation; experience with NIST, ISO, HIPAA, GDPR, and other IT, privacy, and information security frameworks.

Experience with GRC platforms such as Archer, ServiceNow GRC, or MetricStream; ability to handle multiple projects and deadlines in a fast-paced environment; strong problem solving, organization, and independent judgment; ability to build productive relationships with peers.

Strong verbal/written communication, analytical, and independent judgment skills; ability to influence, mentor, and be a trusted advisor to both first-line and senior leadership; capable of operating with a high degree of autonomy amidst ambiguity.

Ability to travel as required.

Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; no sponsorship is available for this opportunity.

Equal Opportunity

KPMG is an equal opportunity employer.
