Lead Specialist, Third Party Risk Management
Listed on 2026-01-12
IT/Tech
Cybersecurity, Information Security
KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand and look forward to continued growth. In an ever‑changing market environment our professionals must be adaptable, collaborative, and thrive in a team‑driven culture. We prioritize our people, offering world‑class training, career development, and the flexibility to advance your skills and deepen your experiences.
We are seeking a Lead Specialist, Third Party Risk Management to join our Managed Services practice.
Responsibilities
- Interact with onshore engagements and clients directly, performing vendor or third‑party security assessments and conducting remote assessments independently.
- Draft assessment reports based on remote review discussions and perform second‑level quality review of peer or junior reports.
- Conduct business continuity planning and disaster recovery implementation/review.
- Build and maintain strong, collaborative relationships with clients and internal teams, supporting the team’s execution and management of engagements in our current and future client portfolio.
- Lead and manage client engagements with a focus on delivering high‑quality service in a managed services context.
- Act with integrity, professionalism, and personal responsibility to uphold KPMG’s respectful and courteous work environment.
- Minimum five years of recent information security governance, privacy and compliance, and security assessment experience—focus on IT and IS risk assessments and program reviews/establishment; prior experience with large consulting firms is preferable. Certifications such as CISA, CISSP, CISM, CIPP, ISO 27001 are advantageous.
- Master’s degree in information security, computer science, engineering, technology, or similar preferred; bachelor’s degree required.
- Demonstrated experience assessing against BS ISO/IEC/SIG 27002:2005, BS 7799, BS 25999, and related standards, including risk assessment, security policy, asset management, HR security, physical security, communications and operations management, access control, incident management, business continuity management, and compliance.
- Broad understanding of information security trends, services, and disciplines, and experience applying them in dynamic environments.
- Strong client interaction skills, both written and verbal, fluent in English.
- Ability to travel as required.
- Applicants must be authorized to work in the U.S. without the need for employment‑based visa sponsorship now or in the future.
KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state, and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability status, veteran status, or any other protected category.