6 - 9 years
14 - 19 Lacs
Chennai
Work from Office
Develop/maintain a comprehensive VSRM program to assess the security posture of new & existing third-party vendors/suppliers/partners.
Review vendor security controls - ISO 27001, NIST, SOC 2.
Perform onsite/remote vendor audits.
Required Candidate profile:
6+ yrs exp in security risk management, vendor/third-party risk assessment.
Familiar with ISO 27001 & NIST.
Exp with GRC tools for vendor risk assessment - Archer/BitSight & AWS/Azure etc.
Posted 2 months ago
7 - 10 years
9 - 12 Lacs
Mumbai
Work from Office
Supply Chain Risk Management - AM - BLR/GGN/Pune - J48773
Key Responsibilities:
Act as a trusted advisor to stakeholders, supporting the provision of accurate, appropriate, timely assurance information regarding the KPMG supply chain across capabilities and firmwide.
Support the identification of emerging trends and issues with the KPMG supply chain to shape and inform the KPMG risk posture.
Tactically deliver allocated activity from the annual service roadmap to defined standards and service levels.
Support the delivery of the annualised audit schedule, with a strong understanding of a risk-based approach.
Be proactive in identifying continuous improvements to foster positive change within the Information Assurance team, seeking innovative solutions to enhance practices.
Deliver the 2nd LoD Supply Chain audit activity to monitor supply chain compliance against regulatory, client, global and local policy & standard requirements, including ISO27001.
Support the ongoing need to ensure that all supplier contracts include standardised Information Security and Data Privacy statements.
Provide support to report on Supply Chain Assurance metrics, providing insights into compliance and risk, highlighting areas for improvement.
Log all findings in the GRC tooling; track, review and monitor remediation results and associated evidence, supporting sign-off where appropriate.
Work with finding owners to ensure remediation action plans are defined and delivered in a timely manner.
Support the analysis, thematic review and consolidation of findings, and recommend risk treatment plans to reduce risk for the firm.
Ensure audit work is documented in accordance with business standard and fully supports conclusions and overall opinion through 1st / 2nd level reviews.
Ensure that all work is delivered to a high standard.
Conduct other Information Security & Privacy audit activity on behalf of KPMG (i.e. SOC2) where appropriate.
Skills and experience required:
Strong stakeholder management skills, the ability to collaborate and develop relationships internally and externally.
Experience advising on supply chain matters, with appropriate background in developing and implementing supply chain risk and assurance frameworks.
Excellent ability to conduct audits in an effective and efficient manner.
Working knowledge of ISO27001, Cyber Essentials/Cyber Essentials Plus, NIST Cybersecurity Framework, CIS, SOC2, Data Protection (UK GDPR, DPA, PECR) and experience of operational implementation.
An understanding of ancillary frameworks (EU AI Act, UK AI Frameworks).
Experience of developing processes to deliver service improvements.
Excellent analytical and reporting skills, using presentation tools to present complex information with exceptional attention to detail.
Excellent communication skills, both written and verbal.
Well organised and able to maintain a high workload efficiently at a consistently high standard.
Strong knowledge of information security controls.
Experience of working with GRC tools (ServiceNow) and supplier management tools (Coupa, Bitsight).
Understanding of a 3 lines of defence model (risk & assurance).
Be highly motivated and able to work on own initiative, with the ability to seek support when required.
Additional Requirements:
Significant experience in information security and supply chain risk and assurance.
Certifications in information security, such as CISM, CISMP, CISSP.
Auditor qualifications: CISA, ISO27001 Lead Auditor, GIAC or equivalent.
ITIL foundation certificate or above desirable.
Required Candidate profile:
Candidate Experience Should Be: 7 To 10
Candidate Degree Should Be: BE-Comp/IT, BE-Other, BTech-Comp/IT, BTech-Other, MBA, MCA
Posted 3 months ago
4 - 8 years
8 - 15 Lacs
Chennai
Work from Office
Develop/maintain a comprehensive VSRM program to assess the security posture of new & existing third-party vendors/suppliers/partners.
Review vendor security controls - ISO 27001, NIST, SOC 2.
Perform onsite/remote vendor audits.
Required Candidate profile:
5+ yrs exp in security risk management, vendor/third-party risk assessment.
Familiar with ISO 27001 & NIST.
Exp with GRC tools for vendor risk assessment - Archer/BitSight & AWS/Azure etc.
Posted 3 months ago