Manager, IT Risk Security Assessments
KPMG
New Orleans, Louisiana, United States
Negotiable
Remote
Responsibilities:
- Apply a thorough knowledge of risk, compliance, and information security to develop and execute a multi-disciplined IT and Security Risk Management implementation plan to enable leadership to make informed, risk-based decisions across disparate categories of risk such as stability, operations, cyber, information handling, physical security, and resiliency
- Build and maintain trust-based relationships with peers and leaders; evaluate risk reduction and mitigation activities to continually drive towards risk reduction methodologies; analyze the impacts of key risks, define criteria to make risk tradeoffs, and make recommendations to leadership to minimize overall risk posture; defend KPMG security capabilities to external entities, as needed
- Evaluate the changing operating landscape and determine its impacts on organizational risks, obligations, and external expectations; recommend changes to risk approach to ensure consistency with current IT and security best practices
- Work with second and third lines of defense to ensure organizational risk measures and internal audits measure and evaluate the appropriate risk areas; perform all activities from start to end associated with a risk assessment/analysis, from risk identification, analysis, evaluation, and treatment
- Communicate results of the risk assessment/analysis to all levels of leadership; create executive level presentations and dashboards to present on Key Risk Indicators (KRI)
- Collaborate with risk owners to ensure that progress is being made and tracked with regard to longstanding risks and remediation tasks; ensure that new risks are appropriately assessed, documented, and addressed through remediation, if applicable

Qualifications:
- Minimum five years of recent experience in IT risk and controls; prior experience of using ServiceNow and the Integrated Risk Management modules is a plus
- Bachelor's degree from an accredited college/university; CRISC, CISM, CISA, or CISSP or equivalent level of experience preferred
- Demonstrated understanding of disparate compliance frameworks and risk management principles, as well as experience making decisions to optimize overall operational risk; ability to analyze and synthesize technical data and convey it to non-technical audiences; understanding of key business objectives and how to balance business objectives against IT risks
- Excellent verbal/written communication, problem solving, analytical and independent judgment skills to support an environment driven by customer service and teamwork; able to positively influence, mentor and be a credible source of knowledge to less experienced team members
- Primary familiarity with the Five Lines of Defense model for managing risk; proficient in IT risk assessments, IT controls testing, evaluation of control evidence, identification of control deficiencies and facilitating the collaboration of remediation processes; highly skilled in risk documentation, including formalized risk registers, GRC frameworks and tools
- Must be able to execute against strategic initiatives for the team; creative thinker with capability to identify innovative business solutions; strong PowerPoint and executive presentation skills; US citizenship is required