Overview
The Senior Manager is responsible for the success of the IT risk management consulting mandates entrusted to them.
Your main missions are to:
- Advise clients on technology risk management for digital transformation projects (new and emerging technologies), technology risk analysis, IT governance, third party services, privacy, resiliency and business continuity, cybersecurity, regulatory compliance.
- Coach senior consultants on engagements
- Serve as a mentor and performance manager for junior staff, focusing on leveraging and developing their potential.
- Ensure profitability of managed mandates.
- Stimulate new business growth by identifying and promoting services in the business community through presentations, opportunity identification and proposal development.
What you will do
- Plan mandates and resource allocation.
- Implement and operationalize IT risk management systems.
- Identify the status of existing controls and their effectiveness in mitigating IT risks including business continuity.
- Conduct risk assessments by analyzing IT risk scenarios, determining their likelihood and impact.
- Conduct business impact analyses (BIA) and determine recovery metrics (Recovery Point Objective, RPO; Recovery Time Objective, RTO).
- Facilitate the selection of recommended risk responses by key stakeholders.
- Collaborate with risk owners to develop risk treatment plans.
- Collaborate with control owners on the selection, design, implementation and maintenance of IT controls.
- Review results of control assessments to determine the effectiveness and maturity of the IT control environment.
- Communicate relevant risk and control information to appropriate stakeholders.
- Typically assess the following topics:
- Compliance of the organization’s IT policies and practices with regulatory and legal requirements.
- IT solution and service provider selection and contract management processes comply with business and security requirements.
- The organization’s project management policies and practices.
- Controls at all stages of the information systems development life cycle.
- The readiness of information systems for implementation and migration to production.
- Post-implementation systems to determine if deliverables, controls, and project requirements are met.
- IT service management practices are consistent with business requirements and meet business expectations.
- IT operations to determine if they are effectively controlled and continue to support business objectives.
- Data governance policies and practices.
- Problem and incident management policies and practices.
- Change, configuration, release and patch management policies and practices.
- The organization’s information security and privacy policies and practices.
- Physical and environmental controls to determine if information assets are adequately protected.
- Logical security controls to verify the confidentiality, integrity and availability of information.
- Data classification practices
- Asset lifecycle management policies and practices.
- Information security program to determine its effectiveness and alignment with the organization’s strategies and objectives
- Perform technical security testing to identify potential threats and vulnerabilities.
What you bring to the role
- Master’s degree or PhD in Science, from a computer science engineering school, specializing in computer science, cybersecurity audit or IT management (IT architecture and urbanization, development, IT project management, database administration and management…)
- At least 7 years of experience as head of an audit entity or manager/senior consultant in an audit or consulting firm
- Possession of one or more professional certifications: CISA, CRISC, CISM, CISSP, ITIL, ISO 2700X, Ethical Hacker or other industry standards;
- Knowledge of control, risk management and information security frameworks and standards: COBIT, NIST CSF, NIST SP 800-30, NIST SP 800-53, NIST SP 800-37, CIS, ISO 22301, ISO 27001, ISO 27002, ISO 27005, ISO 31000.
- Mastery of the IT environment and its risks (in one or more of the following areas): Enterprise architecture; IT operations management (e.g., change management, IT assets, issues, incidents); systems development life cycle (SDLC); data governance; information security concepts; business continuity and resiliency management
- Knowledge of SAP HANA, a strong asset.
- Analytical and synthesis skills;
- Very good writing skills;
- Good command of the French language.
Our Values, The KPMG Way
Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters
KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice. For more information about Inclusion, Diversity & Equity in Recruitment, please click here.
If you have a question about accessible employment at KPMG, or to begin a confidential conversation about your individual accessibility or accommodation needs through the recruitment process, we encourage you to visit our accessibility page.