KPMG created KDN to provide large-scale, cross-functional capabilities and technology through a network of global delivery centers. KDN encourages global consistency and provides services and tools across Tax and Legal Services, Audit, and Advisory at a consistently high quality and at a competitive price point. It includes a multi-tiered global sales and delivery support network that transforms how KPMG firms and people work together. Our extensive network of dedicated KDN professionals has the depth and breadth of knowledge necessary to play a key role in the future of global productivity tools.

What we offer*:

• 2 days home office opportunity and flexible working hours

• Private health care coverage including dental services (Medicare)

• Eyeglasses compensation

• Collective life and accident insurance

• Wide range of Cafeteria elements (such as SZÉP Card, MOL Bubi, MOL Limo)

• Annual bonus may be awarded based on your and the Firm’s performance

• Company car/car allowance

• iPhone14 with subscription

• Referral bonus

• Internal coaching opportunity

• Sports opportunities and All You Can Move sportpass availability

• Compensation for long-distance commutes (for those who commute to work from outside the city limits)

• Relocation support for foreign candidates

• 3 paid days for volunteering and CSR activities

• In-depth professional training from beginner to advanced level

Key Responsibilities

• Lead the Information Security Organization, including the direction and evolution of the information security program, working with leadership to budget and plan the security function accordingly and ensure alignment with Global information security priorities and strategy.

• Provide leadership insight into information security matters and escalation and promote adherence to KPMG information protection policies and other relevant policies (for example those outlined in the Global Quality & Risk Management Manual).

• Act as the point of contact for the Global Information Security Group (GISG) and GQRM – Global Digital Risk (GDR).

• Participate in regular Global meetings and other relevant forums. Newly appointed NITSOs should participate in NITSO induction sessions arranged as required by Global Information Security Group (GISG).

• Establish and maintain relationships with NITSOs from network firm locations from which KDN delivery centers are located.

• Create, maintain and report on information security metrics.

• Liaise with relevant stakeholders including Business Functions, Technology Groups, Legal, Privacy (Privacy Liaison (PL), Physical Security, Human Resources (HR).

• Responds to requests by the global insurance team to ensure timely submission of information for the annual cyber insurance program.

• Evaluates the information security provisions for working with other member firms, to ensure compliance with the IFDTAs and other regulatory provisions.

• Oversee the information security risk assessment process, tools and solutions used and facilitate risk treatment.

• Provide input into all information security related escalations.

• Accountable for assessing third-party risks, including the initial and ongoing risk assessment of suppliers and their compliance with contractual terms, involvement in the risk assessment during an acquisition.

• Ensure regular (at least annual) review of all security policies and standards, including their implementation.

• Ensure that all relevant stakeholders are notified of the changes to global information security policies and standards, and that changes are appropriately reflected within documented policies, processes, and procedures.

• Ensures that a senior sponsor has been established for the IPCR and the IPCR is carried out in a timely manner. Furthermore, remediation activities must be carried out within the agreed timelines.

• Contribute to the documentation and coordination of ISO 27001 processes (where applicable)

• Advises the business on security requirements of new systems & technologies, including involvement and review of technology projects, approval of significant changes to technology environments, approval of communication tools, virtual desktop infrastructure (VDI), remote access incl. VPN, external facing solutions, the installation of software on operational systems, and authorization of privileged utility programs.

• Work closely with the technology teams to ensure that relevant security controls are implemented consistently across all parts of the organization and reviews are carried out appropriately.

• Ensure appropriate Information Security Incident Management planning, preparation, implementation and communication.

• Ensure that all KDN personnel receive information protection and data privacy training, as applicable.
  

Requirements

• 10 years’ experience in information security and risk management.

• Hold industry standard accreditation or certifications. (i.e., CISSP, CISM, ISO 27001)

• Demonstrated global exposure, ideally working with cross‑border teams, stakeholders, and regulatory environments.

• Be familiar with current data privacy regulations, including GDPR.

• Have understanding and experience with Secure SDLC and DevSecOps or security automation.

• Be capable of understanding and communicating the business impact that infosec operations have on the organization.

• Understand the requirements of relevant information security frameworks and attestations including for example ISO 27001, NIST, SOC2, SoQM.

• Experience with people management is required.

• Strong strategic thinking and decision‑making skills, with the ability to prioritize and balance security, business needs, and operational constraints.

• Advanced problem‑solving and analytical skills, including the ability to assess complex security issues and propose pragmatic, risk‑based solutions.

• Proven project and program management capabilities, including planning, prioritization, and delivery of multiple security initiatives in parallel.

• High level of resilience and the ability to perform under pressure, particularly when managing security incidents or time‑critical issues.

*Elements should be in line with company guidelines and policies.