Senior Manager, Global Digital Risk Policy Lead, Global QRM, Secondment/Fixed Term contract (End date 31 March 2027)

At KPMG, you’ll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.

The GDR Policy team is responsible for developing, communicating, and maintaining policies and related materials addressing information risk, security and privacy in KPMG.

KPMG's policies are designed to meet the firm's business requirements and expectations of external parties and clients. These materials define the minimum baselines for those areas for all KPMG organizations.

• Act as the GDR Policy Lead subject matter expert (SME) to develop and update KPMG Global Digital Risk Policies and guidance materials ensuring alignment to industry standards such as ISO and NIST; Act as one of GDR’s AI Delegates representing GDR on the Global AI Trusted Design Authority Working Group and the GQ&RM AI Taskforce providing policy advice on the adoption of AI at KPMG; Manage resources who support Policy Portal Maintenance and the Policy Exceptions Process; Provide oversight of the existing Policy Exceptions Process and work with other stakeholder groups to ensure process is fit for purpose and exceptions are reviewed and decided on in a timely manner and in line with Policy
• Lead the GDR Information Protection Policy Working Group (IPPWG), which is a formal policy governance body made up of KPMG International and Member Firm stakeholders that facilitates the review, updating and voting on Policy materials; Coordinate further ratification and communication of new or updated materials to other formal policy governance bodies, such as the Policy Development Working Group and the Global Quality and Risk Management Steering Group; Working with the central policy team, prepare the pre-read materials and subsequent communication (Special Alert) to communicate updates to GDR policies to the network of member firms
• Support the GDR Senior Leadership Team in regular tasks related to compliance, attestations and certification audits (specifically ISO27K, SOC2, SoQM, IPCR) and Global client requests related to our policy materials; Support KPMG’s Cyber Insurance submission, responding to Cyber Insurance questionnaires and providing Policy and Governance advice and documentation
• Maintain one to one calls with IPPWG members to discuss feedback, input and questions; Represent GDR on Security Standards working groups and review Standards for compliance with GDR Information Protection Policies; Responding and contributing to AI policy requirements from an information security perspective and as directed by AI governance bodies
• Provide advice and support to other KPMGI Functions, Business Lines and KPMG’s Network of Member Firms on a wide range of information protection strategic and operational priorities, including those related to artificial intelligence (AI)

• Minimum of 7 - 10 years in policy writing, development, management and or compliance in one or more of the following areas: information security, information protection, risk management, artificial intelligence
• Bachelor’s degree in an appropriate subject from an accredited college or university or equivalent work experience
• Demonstrated experience of critical and analytical skills with ability to research, interpret and translate technical information into well written policy materials
• Excellent and proven writing skills with ability to formulate policy clauses, policy documents and communications of policy requirements to the KPMG network. Excellent moderation, negotiation and communication skills required
• Strong understanding of Cyber risks, threats, security principles and best practices. Prior experience in the analysis of emerging digital risks, including those related to artificial intelligence highly desired. Professional qualifications (e.g. CISSP, CISM or CRISC) is desirable but not essential
• In depth knowledge of security industry frameworks including ISO 27001 suite of standards, NIST 800-53 and related NIST standards, Cloud Control Matrix (CSA), COBIT. Proven experience in supporting attestations, certifications and related audits: e.g. ISO 27001, SOC2, SoQM

Providing you with the support you need to be at your best

Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

Adjustments and accommodations throughout the recruitment process

At KPMG, we are committed to fostering an inclusive recruitment process where all candidates can be themselves and excel. We aim to provide a positive experience and are prepared to offer adjustments or accommodations to help you perform at your best. Adjustments (informal requests), such as extra preparation time or the option for micro breaks during interviews, and accommodations (formal requests), such as accessible communication supports or technology aids, are tailored to individual needs and role requirements. You will have an opportunity to request an adjustment or accommodation at any point throughout the recruitment process. If you require support, please contact KPMG’s Employee Relations Service team by calling 1-888-466-4778.