Supply Chain Risk Management Engineer (7-10 yrs)
Sampoorna Consultants
posted 1d ago
Flexible timing
Key Responsibilities :
- Act as a trusted advisor to stakeholders, supporting the provision of accurate, appropriate, timely assurance information regarding the KPMG supply chain across capabilities and firmwide.
- Support the identification of emerging trends and issues with the KPMG supply chain to shape and inform the KPMG risk posture.
- Tactically deliver allocated activity from the annual service roadmap to defined standards and service levels.
- Support the delivery of the annualised audit schedule, with a strong understanding of a risk-based approach.
- Be proactive in identification of continuous improvements to foster positive change within the Information Assurance team, seeking innovative solutions to enhance practices.
- Deliver the 2nd LoD Supply Chain audit activity to monitor supply chain compliance against regulatory, client, global and local policy & standard requirements, including ISO27001.
- Support the ongoing need to ensure that all supplier contracts include standardised Information Security and Data Privacy statements.
- Provide support to report on Supply Chain Assurance metrics, providing insights into compliance and risk, highlighting areas for improvement.
- Log all findings in the GRC tooling, track, review and monitor remediation results and associated evidence, supporting sign off where appropriate.
- Work with finding owners to ensure remediation action plans are defined and delivered in a timely manner.
- Support the analysis, thematic review and consolidation of findings, and recommend risk treatment plans to reduce risk for the firm.
- Ensure audit work is documented in accordance with business standards and fully supports conclusions and the overall opinion through 1st / 2nd level reviews.
- Ensure that all work is delivered to a high standard.
- Conduct other Information Security & Privacy audit activity on behalf of KPMG (i.e. SOC2) where appropriate.
Skills and experience required :
- Strong stakeholder management skills, the ability to collaborate and develop relationships internally and externally
- Experience advising on supply chain matters, with appropriate background in developing and implementing supply chain risk and assurance frameworks
- Excellent ability to conduct audits in an effective and efficient manner.
- Working knowledge of ISO27001, Cyber Essentials/ Cyber Essentials Plus, NIST Cybersecurity Framework, CIS, SOC2, Data Protection (UK GDPR, DPA, PECR) and experience of operational implementation
- An understanding of ancillary frameworks (EU AI Act, UK AI Frameworks)
- Experience of developing processes to deliver service improvements
- Excellent analytical and reporting skills, using presentation tools to present complex information with exceptional attention to detail
- Excellent communication skills, both written and verbal
- Well organised and able to maintain a high workload efficiently at a consistently high standard
- Strong knowledge of information security controls
- Experience of working with GRC tools (ServiceNow) and supplier management tools (Coupa, Bitsight).
- Understanding of a three lines of defence model (risk & assurance).
- Highly motivated and able to work on own initiative, with the ability to seek support when required.
Additional Requirements :
- Significant experience in information security and supply chain risk and assurance.
- Certifications in information security, such as CISM, CISMP, CISSP.
- Auditor qualifications, CISA, ISO27001 Lead Auditor, GIAC or equivalent.
- ITIL Foundation certificate or above desirable.
Functional Areas: Other