KPMG US
Lead Specialist, Governance, Risk, & Compliance
KPMG US, Greenville, South Carolina, us, 29610
Overview
KPMG Advisory is a fast-growing practice focused on client demand in governance, risk, and compliance. Our professionals thrive in a collaborative, team-driven culture with opportunities for learning and career development. If you are looking for a firm with strong team connections, where you can have an impact, advance your skills, and expand your capabilities, consider a career in Advisory.

Responsibilities
- Provide strategic oversight and governance for GRC platforms, ensuring requirements, incident management, enhancement support, and platform maintenance operate efficiently to support GRC functional workstreams; oversee an offshore continuous controls monitoring program to validate the ongoing effectiveness of key controls
- Maintain a comprehensive risk register and conduct regular risk assessments and mitigation planning; lead independent, targeted risk assessments on high-risk areas and oversee the 1st Line's mitigation planning to address root causes; act as a key point of contact for risk discussions with clients, translating risks arising from new laws, regulations, technology, or merger/acquisition activity into business impact
- Develop and manage compliance programs, maintain regulatory compliance calendars, and update policy standards; ensure client IT risk and control framework principles are grounded in best-practice standards including COBIT, NIST CSF, ISO 27001, and ITIL
- Oversee offshore development and maintenance of KPIs and KRIs to measure the health of the control environment; translate complex risk and control data into clear narratives for leadership; present risk posture reports, dashboards, and governance materials highlighting key risks, control deficiencies, and remediation progress
- Supervise offshore assessments to help clients prepare for new regulatory requirements (PCI, HIPAA, NIS2, GDPR, SOX, and more); supervise offshore support of controls readiness for major technology changes and merger/acquisition activity, assessing impact and required control modifications
- Build and maintain strong, collaborative relationships with 1st Line operational teams, onshore GRC counterparts, and client leadership; liaise with internal and external audit groups; oversee offshore facilitation of audit fieldwork and the issue management lifecycle to ensure deficiencies are documented, owned, and tracked to resolution
- Develop and conduct regular training sessions and awareness campaigns, including e-learning modules, to enhance organizational GRC knowledge; support business continuity and disaster recovery planning and conduct testing and drills; manage resource allocation and budgets and provide performance development for staff
- Lead multiple managed services projects, support KPMG's Managed Services solution development, and contribute to go-to-market initiatives and marketing efforts
- Act with integrity, professionalism, and personal responsibility in line with KPMG's values

Qualifications
- Minimum five years of recent risk and compliance experience within a large professional services environment specializing in cybersecurity
- Bachelor's degree in information technology, cybersecurity, business administration, or a related field; professional certifications such as CISSP, CISM, CRISC, or equivalent preferred
- Strong experience with client interactions and managing client relationships; demonstrated ability to deliver high-quality service in a managed services context
- Familiarity with audit testing, evaluation of control evidence, identification of control deficiencies, and remediation processes; experience with NIST, ISO, HIPAA, GDPR, and other IT, privacy, and information security frameworks and laws
- Experience with GRC platforms such as Archer, ServiceNow GRC, or MetricStream; ability to handle multiple projects and deadlines; strong problem-solving and analytical skills; ability to build productive relationships with peers
- Strong verbal and written communication, analytical, and independent judgment skills; ability to influence, mentor, and be a credible source of knowledge to less experienced team members; capability to operate autonomously and provide clear direction amid ambiguity
- Ability to travel as required
- Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future

KPMG is an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship status, disability, or protected veteran status. EEO statements will be applied in accordance with applicable law.