KPMG US
Lead Specialist, Governance, Risk, & Compliance
KPMG US, Washington, District of Columbia, us, 20022
Overview
KPMG Advisory practice is a fast‑growing area with strong client demand. We are adaptable and collaborative, offering opportunities for learning, career development, and growth. If you are looking for a firm with a strong team connection where you can grow professionally and personally, consider a career in Advisory.
Responsibilities
Provide strategic oversight and governance for GRC platforms, ensuring requirements, incident management, enhancement support, and platform maintenance operate efficiently to support GRC functional workstreams; oversee an offshore continuous controls monitoring program to validate the ongoing effectiveness of key controls
Maintain a comprehensive risk register, conduct regular risk assessments and mitigation planning; lead independent, targeted risk assessments on high‑risk areas and oversee the 1st Line's mitigation planning to address root causes; act as a key point of contact for risk discussions with clients, translating risks related to new laws, regulations, technology, or merger/acquisition activity into business impact
Develop and manage compliance programs, maintain regulatory compliance calendars, and update policy standards; ensure client IT risk and control framework principles align with best practice standards including COBIT, NIST CSF, ISO 27001, and ITIL
Oversee offshore development and maintenance of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs); translate complex risk and control data into clear narratives for leadership; present to client leadership the quality risk posture reports, dashboards, and governance committee materials
Supervise offshore execution of assessments to help clients prepare for new regulatory requirements (PCI, HIPAA, NIS2, GDPR, SOX, and more) and supervise offshore support of clients' controls readiness for major technology changes (product upgrades, platform migrations) and merger/acquisition activity
Build and maintain strong, collaborative relationships with 1st Line operational teams, onshore GRC counterparts, and client leadership; act as KPMG lead with internal and external audit groups; oversee offshore facilitation of audit fieldwork and the issue management lifecycle
Develop and conduct regular training sessions and awareness campaigns, including e‑learning modules to enhance organizational GRC knowledge; support business continuity and disaster recovery planning and testing; contribute to budgeting, resource allocation, and performance development of staff; lead multiple managed services projects and support KPMG's Managed Services solution development
Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment
Qualifications
Minimum five years of recent risk and compliance experience within a large professional services environment specializing in cybersecurity
Bachelor's degree in information technology, cybersecurity, business administration, or related field; professional certifications such as CISSP, CISM, CRISC, or equivalent preferred
Strong experience with client interactions, written and verbal communication; proven ability to manage client relationships and deliver high‑quality service in a managed services context
Familiarity with audit testing, evaluation of control evidence, identification of control deficiencies, and remediation processes; experience with NIST, ISO, HIPAA, GDPR, and other IT, Privacy and Information Security Frameworks
Experience with GRC platforms such as Archer, ServiceNow GRC, or MetricStream; ability to manage multiple projects and deadlines in a fast‑paced environment; strong problem solving and organizational skills
Excellent verbal and written communication, analytical and independent judgment skills; ability to influence, mentor, and build trusted relationships with peers and leadership
Ability to travel as required
Authorized to work in the U.S. without sponsorship now or in the future
KPMG is an Equal Opportunity Employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship status, disability, or protected veteran status.
Position Details
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: General Business
Follow this link to obtain salary ranges by city outside of CA: https://kpmg.com/us/en/how-we-work/pay-transparency.html/?id=M167_3_25
Los Angeles County applicants: material job duties are listed above. California Fair Chance Act and related ordinances apply where required.