KPMG US

Lead Specialist, Governance, Risk, & Compliance

KPMG US, Columbus, Ohio, United States, 43224



Responsibilities

Provide strategic oversight and governance for governance, risk, and compliance (GRC) platforms, ensuring that requirements gathering, incident management, enhancement support, and platform maintenance run efficiently in support of the functional workstreams, and oversee an offshore continuous controls monitoring program that validates the ongoing effectiveness of key controls.

Maintain a comprehensive risk register, conduct regular risk assessments and mitigation planning, lead independent, targeted risk assessments on high‐risk areas, and oversee 1st Line mitigation planning to address root causes; act as a key point of contact for risk discussions with clients, translating risks related to new laws, regulations, technology, or merger/acquisition activity into business impact.

Develop and manage compliance programs, maintain regulatory compliance calendars, and update policy standards; work to ensure client IT risk and control framework principles are grounded in best practice standards including COBIT, NIST CSF, ISO 27001, and ITIL.

Oversee the offshore development and maintenance of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure control environment health, translate complex risk and control data into concise narratives for leadership consumption, and present to client leadership quality risk posture reports, dashboards, and governance committee materials highlighting key risks, control deficiencies, and remediation progress.

Supervise the offshore execution of assessments to help clients prepare for new regulatory requirements (PCI, HIPAA, NIS2, GDPR, SOX, and more) and agentic usage (bots, automations, AI agents, LLMs, and more), and oversee offshore support of clients’ controls readiness for major technology changes and merger/acquisition activity.

Build and maintain strong relationships with 1st Line operational teams, onshore GRC counterparts, and client leadership; act as KPMG lead with audit groups, oversee offshore facilitation of audit fieldwork, request coordination, issue management, and control deficiency resolution.

Develop and conduct regular training sessions and awareness campaigns, including e‑learning modules; support business continuity and disaster recovery (BCDR) planning and conduct testing and drills to ensure readiness and resilience; manage resource allocation and budgets; and develop staff through coaching and feedback.

Act with integrity, professionalism, and personal responsibility to uphold KPMG’s respectful work environment.

Qualifications

Minimum five years of recent risk and compliance experience within a large professional services environment specializing in cyber security.

Bachelor’s degree in information technology, cybersecurity, business administration, or related field; professional certifications such as CISSP, CISM, CRISC, or equivalent preferred.

Strong experience with client interactions, both written and verbal, preferably within a professional services firm or managed services context.

Familiarity with audit testing, control evidence evaluation, identification of control deficiencies, and remediation processes; experience with NIST, ISO, HIPAA, GDPR, and other IT, privacy and information security frameworks.

Experience with GRC platforms such as Archer, ServiceNow GRC, or MetricStream, able to handle multiple projects and deadlines in a fast‑paced environment.

Strong verbal and written communication, problem‑solving, analytical, and independent judgment skills; ability to mentor and be a trusted advisor to peers and leadership.

Ability to travel as required.

Authorized to work in the U.S. without sponsorship; KPMG does not sponsor work visa status for this opportunity.

Equal Opportunity Employment

KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable laws.
