Security Compliance Analyst

3 days ago


Melbourne, Australia KPMG Full time

**Job no**: 519867

**Work type**: Permanent Full Time

**Location**: Melbourne

**Division**: Business Services

**Role and Responsibilities**:
The Security Compliance Analyst works for the Manager of Security Compliance, a team within the Governance, Compliance and Risk function of the Information Security Office (ISO). This role requires the ability to communicate with, and assist in presenting to, IT leadership, Privacy and the Office of General Counsel regarding information security compliance and ongoing improvement of KPMG’s information security posture. The role must balance business enablement with minimising information security risk, providing pragmatic advice to uphold policies and assisting project and stakeholder teams to work through compliance challenges.

**The core functions of this role include**:

- Assess all aspects of information security compliance for KPMG Australia;
- Assist in providing information security reporting to local IT leadership, regional and global leadership;
- Coordinate with other aspects of the business including Legal, Privacy, P&I (HR), CISO, ITS and internal stakeholders within the business;
- Assist the Security Compliance team in facilitating the annual external ISO27001/27017 audit, the internal Information Protection Controls Audit (IPCA) and any other reviews such as APRA CPS234 or NIST CSF;
- Perform regular compliance reviews to ensure adherence to KPMG Policies, Procedures and Standards;
- Perform regular reviews of KPMG Policies, Procedures and Standards to ensure they remain up to date and aligned to global documents;
- Assist in developing and deploying the annual mandatory Security Awareness for Everyone (S.A.F.E.) training and quarterly Phishing Awareness training; track mandatory training completion by KPMG users;
- Assist in working with ASPAC, regional or Global teams to implement broader information security initiatives;
- Answer client queries about KPMG’s information security posture in a timely manner;
- Liaise with OGC and the business to review client contracts’ security clauses to ensure KPMG can agree to the security clauses posed by clients, or amend as necessary;
- Proactively provide assistance in other Security Compliance team work as needed.

**Qualifications and Education Requirements**:
This role requires:

- Minimum of a bachelor’s degree in an information or business-related discipline.
- Minimum 1.5-2 years of experience in IT roles, preferably with involvement in a combination of compliance, auditing and service desk work.
- Preferred, but not required: accreditation in two of the following: ISO27001 Lead Auditor or Lead Implementor/CISM/Microsoft SC 900 - Security, Compliance and Identity Management; GCIH and/or CISSP (or relevant certifications).
- A valid Australian Driver’s License (any State or Territory).
- Criminal Records Check and possibly a National NV-1 security clearance.

**Preferred Knowledge / Skill / Ability**:
**Key Responsibility Areas** _(Please list in order of importance)_

- **_Key Position Accountabilities:_** Name the key areas for which the position is accountable
- **_% of Total Role_**
- **_Major Standards:_** What are the key activities or tasks to be carried out?
- **_Outputs:_** What are the expected end results?
- **_Measures:_** How are these results measured?

**Security Compliance Management** (70% of total role)

- Ensure all appropriate information security controls are implemented within KPMG, including conducting annual reviews and tracking findings.
- Ensure information security controls are embedded into KPMG’s processes.
- Promote information security awareness and facilitate end-user training.
- Assess security clauses within proposed client contracts to ensure alignment with KPMG’s information security posture, security policies and risk appetite.
- Respond to Client Queries relating to KPMG’s information security posture in a timely manner, to enable the business to work with KPMG clients.
- Establish a local process to review and ensure local/regional compliance with Global compliance requirements, systems and processes.
- Assist in the assurance of effective Information Security Policies & Standards and testing compliance against the Policies & Standards.
- Coordinate with internal teams and stakeholders to conclude security reviews in a timely manner. Liaise with stakeholders to close/remediate open findings.
- Assist in the follow-up process for annual firm-wide training to confirm compliance and completion of the security training. Assist in publishing monthly firm-wide security awareness articles.
- Assist in maintaining effective working relationships within the business by responding promptly to the active client queries/security assessments and contracts.
- Assist in project reviews and assessments to ensure information security best practices.
- Monitoring and compliance reporting.
- Maintaining and ens


