Senior Manager - IT Risk Services

at  KPMG

Overview:
At KPMG, you’ll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.
Are you a talented leader with a proven track record for motivating teams and delivering exceptional client service?
Our Technology Risk Consulting services team is growing and we are looking for Senior Manager to join our team in Toronto. The Technology Risk Consulting practice provides a variety of services to our clients. The successful candidate will focus primarily on performing IT risk reviews, performing tech advisory engagements or providing IT internal audit support across the IT risk domain.

What you will do:

• Conducting assessments of IT risks and controls in support of internal and external audit and advisory engagements, related to for instance:
• Data governance assessments and reviews.
• IT projects and system implementations.
• IT project assurance reviews
• IT governance reviews
• IT Third party risk management.
• IT asset management audits.
• Supporting assessments for broader information security topics (cyber maturity assessments, ISO audits, incident management reviews etc.) as well IT general controls.
• Monitoring relevant technology risk standards and practices.
• Developing risk and control matrices and reviewing procedures.
• The review and provision of advice and assistance on business process controls.
• Engagement risk management: quality assurance through file review, engagement planning, development and monitoring, engagement profitability - Simultaneously deliver multiple client engagements of varying size, scope and complexity.
• Business development: taking an active role in the business community to increase awareness of the firm’s services and level of commitment to the local market, developing and maturing relationships with internal staff and clients, developing proposals, identifying and pursuing opportunities to increase the practice’s penetration in the public and private sector.
• Service Delivery: conducting research, performing technical testing, writing reports, conducting interviews and communicating regularly with clients and resources.

What you bring to this role:

• Bachelor’s or Masters degree in Computer Science degree required
• Completion of relevant certifications (e.g., CISA, CRISC, CGEIT, ISO27001)
• 8+ years of relevant experience in assessing information technology or business process risk ideally within a large consulting practice.
• Strong understanding and experience with IT General Controls and security controls audits or assessments (e.g., SOC 1, ISO 27001, NIST) is preferred.
• Experience in the designing and testing of controls in different IT environments.
• Ability to work both independently, with little supervision and within a team environment.
• Excellent written and oral communication skills, able to effectively express insights.
• Demonstrated ability to learn and succeed in a fast-paced environment.
• Attention to detail and strong organization and analytical skills.
• Strong understanding of business and audit risks.
• Willingness and ability to travel both within Canada and internationally.

What you will do:

• Conducting assessments of IT risks and controls in support of internal and external audit and advisory engagements, related to for instance:
• Data governance assessments and reviews.
• IT projects and system implementations.
• IT project assurance reviews
• IT governance reviews
• IT Third party risk management.
• IT asset management audits.
• Supporting assessments for broader information security topics (cyber maturity assessments, ISO audits, incident management reviews etc.) as well IT general controls.
• Monitoring relevant technology risk standards and practices.
• Developing risk and control matrices and reviewing procedures.
• The review and provision of advice and assistance on business process controls.
• Engagement risk management: quality assurance through file review, engagement planning, development and monitoring, engagement profitability - Simultaneously deliver multiple client engagements of varying size, scope and complexity.
• Business development: taking an active role in the business community to increase awareness of the firm’s services and level of commitment to the local market, developing and maturing relationships with internal staff and clients, developing proposals, identifying and pursuing opportunities to increase the practice’s penetration in the public and private sector.
• Service Delivery: conducting research, performing technical testing, writing reports, conducting interviews and communicating regularly with clients and resources

What you bring to this role:

• Bachelor’s or Masters degree in Computer Science degree required
• Completion of relevant certifications (e.g., CISA, CRISC, CGEIT, ISO27001)
• 8+ years of relevant experience in assessing information technology or business process risk ideally within a large consulting practice.
• Strong understanding and experience with IT General Controls and security controls audits or assessments (e.g., SOC 1, ISO 27001, NIST) is preferred.
• Experience in the designing and testing of controls in different IT environments.
• Ability to work both independently, with little supervision and within a team environment.
• Excellent written and oral communication skills, able to effectively express insights.
• Demonstrated ability to learn and succeed in a fast-paced environment.
• Attention to detail and strong organization and analytical skills.
• Strong understanding of business and audit risks.
• Willingness and ability to travel both within Canada and internationally