Sampoorna Consultants Pvt. Ltd
Supply Chain Risk Management Engineer
Job Location
in, India
Job Description
Key Responsibilities:
- Act as a trusted advisor to stakeholders, supporting the provision of accurate, appropriate, timely assurance information regarding the KPMG supply chain across capabilities and firmwide.
- Support the identification of emerging trends and issues with the KPMG supply chain to shape and inform the KPMG risk posture.
- Tactically deliver allocated activity from the annual service roadmap to defined standards and service levels.
- Support the delivery of the annualised audit schedule, with a strong understanding of a risk-based approach.
- Be proactive in identifying continuous improvements to foster positive change within the Information Assurance team, seeking innovative solutions to enhance practices.
- Deliver the 2nd LoD Supply Chain audit activity to monitor supply chain compliance against regulatory, client, global and local policy & standard requirements, including ISO27001.
- Support the ongoing need to ensure that all supplier contracts include standardised Information Security and Data Privacy statements.
- Provide support to report on Supply Chain Assurance metrics, providing insights into compliance and risk, highlighting areas for improvement.
- Log all findings in the GRC tooling; track, review and monitor remediation results and associated evidence, supporting sign-off where appropriate.
- Work with finding owners to ensure remediation action plans are defined and delivered in a timely manner.
- Support the analysis, thematic review and consolidation of findings, and recommend risk treatment plans to reduce risk for the firm.
- Ensure audit work is documented in accordance with business standard and fully supports conclusions and overall opinion through 1st / 2nd level reviews.
- Ensure that all work is delivered to a high standard.
- Conduct other Information Security & Privacy audit activity on behalf of KPMG (i.e. SOC2) where appropriate.
Skills and experience required:
- Strong stakeholder management skills, the ability to collaborate and develop relationships internally and externally.
- Experience advising on supply chain matters, with appropriate background in developing and implementing supply chain risk and assurance frameworks.
- Excellent ability to conduct audits in an effective and efficient manner.
- Working knowledge of ISO27001, Cyber Essentials / Cyber Essentials Plus, NIST Cybersecurity Framework, CIS, SOC2, Data Protection (UK GDPR, DPA, PECR) and experience of operational implementation.
- An understanding of ancillary frameworks (EU AI Act, UK AI Frameworks).
- Experience of developing processes to deliver service improvements.
- Excellent analytical and reporting skills, using presentation tools to present complex information with exceptional attention to detail.
- Excellent communication skills, both written and verbal.
- Well organised and able to maintain a high workload efficiently at a consistently high standard.
- Strong knowledge of information security controls.
- Experience of working with GRC tools (ServiceNow) and supplier management tools (Coupa, Bitsight).
- Understanding of a 3 lines of defence model (risk & assurance).
- Be highly motivated and able to work on own initiative, with the ability to seek support when required.

Additional Requirements:
- Significant experience in information security and supply chain risk and assurance.
- Certifications in information security, such as CISM, CISMP, CISSP.
- Auditor qualifications: CISA, ISO27001 Lead Auditor, GIAC or equivalent.
- ITIL foundation certificate or above desirable.

(ref:hirist.tech)
Location: in, IN
Posted Date: 4/19/2025
Contact Information
Contact: Human Resources, Sampoorna Consultants Pvt. Ltd