Lead Specialist, Third Party Risk Management

KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory.KPMG is currently seeking a Lead Specialist, Third Party Risk Management to join our Managed Services practice.Responsibilities:Interact with onshore engagements and clients directly performing vendor or third-party security assessments, and perform remote assessments independentlyIndependently draft reports of the assessments based on the discussions during remote reviews, and perform second level quality review of the reports written by peers/junior resourcesConduct business continuity planning and disaster recovery implementation and review experienceBuild and maintain strong, collaborative relationships with clients and internal teams, and support the current team with the execution and management of engagements in our current and future Client portfolioLead and manage client engagements with a focus on delivering high-quality service in a managed services contextAct with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environmentQualifications:Minimum five years of recent information security governance, privacy and compliance and security assessment experience, with a focus on IT and IS Risk Assessments and program reviews / establishment; prior consulting experience with big 4 or large clientele is preferable, and CISA/ CISSP/ CISM/ CIPP/ ISO 27001 is preferableMaster's degree from an accredited college or university in information security, computer science, engineering, technology or a similar degree is preferred; minimum of a Bachelor's degree in information security, computer science, engineering, technology or a similar degree is requiredFamiliarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment; Security policy; Organization of Information Security; Asset Management; HR Security; Physical and Environmental Security; Communications and Operations Management; Access Control; IS Acquisition, Development and Maintenance; IS Incident Management; Business Continuity Management; and ComplianceInformation Security Governance, Privacy and Compliance and Security Assessment experience with a focus on IT and IS Risk Assessments and program reviews / establishment, and understanding on ISO 27001/ NIST 800-53/ PCI-DSSBroad understanding of Information Security trends, services and disciplines, and experience applying them in dynamic environmentsStrong client interaction skills, both written and verbal, and highly fluent in English- both verbal and writtenAbility to travel as requiredApplicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)KPMG LLP and its affiliates and subsidiaries (

Created: 2026-01-26