Job Description

KPMG is currently seeking an Associate/Senior Associate in Technology Risk Management for our Consulting practice.

Responsibilities:

* Assist in planning and executing activities related to risk, control, compliance and internal audit client engagements in the following areas: IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cybersecurity, cloud and third parties, data management and analytics, emerging technology and digital solutions, automation (robotics, cognitive, etc.), IT and transformation programs and projects, GITCs and application controls, and regulatory/compliance requirements
* Review clients' IT processes, risk, controls and compliance against leading practice, industry, or client frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client project manager
* Work with client project manager to assist in assessing, designing and implementation new IT risk and control frameworks, sustainable solutions (including applying knowledge of governance, risk and compliance tools), operating processes and people models to address key and evolving risks, as necessary
* Draft comprehensive executive summaries and final reports for delivery to client project manager and document and review engagement workpapers in accordance with KPMG requirements and common industry practice for internal audit and risk consulting client engagements
* Assist in kickoff, status, and closing meetings with engagement team and client and contribute to related KPMG knowledge bases and internal practice development initiatives

Additional Responsibilities for Senior Associate:

* Plan and assist in coordinating the execution of related client engagements, including kickoff, status, and closing meetings with engagement team and clients and contribute to related KPMG knowledge bases and internal practice development initiatives
* Supervise associates and interns on engagements by providing task assignments, ongoing oversight, feedback, and development opportunities
* Potential focus on more specialized skills around emerging technology and digital solutions, strategic, operational, regulatory/compliance, and industry related risks

Qualifications:

* Minimum of one year of experience working within an internal audit, IT risk, or IT compliance function as an internal employee or as part of a professional services firm
* Bachelor's degree from an accredited college/university or equivalent work experience; CISA, PMP, CISSP or CRISC (or similar) certifications preferred
* Familiarity with leading and executing IT audit, IT internal control, and IT risk consulting engagements, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs
* Experience in implementation of IT risk and IT internal control processes and programs
* Proficiency in executing projects in accordance with leading practice project management principles
* Strong leadership and communication skills, technical knowledge, and the ability to write at a publication quality level in order to communicate findings and recommendations to the clients and senior management team
* Ability to travel as necessary
* Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future

Additional Qualifications for Senior Associate:

* Minimum of three years of experience working within an internal audit, IT risk, or IT compliance function as an internal employee or as part of a professional services firm
* Experience with leading and executing risk-based IT-related internal audits and/or risk and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs
* Working knowledge of the risk and control considerations for one or more modern and emerging technology areas, including but not limited to automation (robotics, cognitive, etc.), advanced cloud adoption, agile development and related web / mobile applications, internet of things, and related infrastructure components