Role Title: IT & Security Controls Manager
Duration: 12 months from start date (ASAP)
Engagement type: Contingent (umbrella/PAYE via Reed)
Location: London (hybrid)
ALL KPMG UK CONTINGENT WORKERS MUST RESIDE AND HAVE PROOF OF RIGHTS TO WORK IN THE UK
Role overview
We’re seeking an experienced IT & Security Controls Manager to lead and mature our assurance activities across information protection, security, privacy, and technology risk (including AI) domains. You will lead on program enhancement, maturation and control development, and act as a trusted advisor to stakeholders.
Role
- Plan and lead control test development across information protection, security, technology (including AI) and privacy domains, ensuring clear linkage to audit/assurance objectives and programme requirements.
- Interpret audit programme requirements and identify maturation opportunities while ensuring alignment to policy, standard and framework requirements (e.g., ISO/IEC 27001/27701, NIST CSF/800‑53, COBIT, PCI DSS where relevant).
- Engage and consult with stakeholders across key domains (e.g., technology, security, data, privacy, risk, delivery).
- Training Development: develop enhanced training and materials in support of enhanced audit programme and control test steps for audit teams.
- Contribute to enhanced audit program roll-out: participate in strategic planning and audit programme socialization and roll-out, inclusive of newly created test steps.
Skills Required
- Deep SME expertise in information protection controls assessment, security, technology (including AI considerations) and privacy — operating at senior associate/manager level.
- Proven GITC/ITGC testing expertise and hands‑on control assessment leadership across apps, infra, and data platforms.
- Experience implementing & interpreting audit programmes, translating requirements into executable workpapers and evidence standards.
- Track record designing/maturing assurance programmes (frameworks, methods, test suites, tooling, and reporting).
- Strong working knowledge of security and privacy frameworks (e.g., ISO 27001/27701, NIST, COBIT, SOC reporting contexts, GDPR principles).
- Excellent leadership & delivery skills managing multi‑disciplinary reviews through to closure.
- Outstanding communication — clear reports, defensible findings, constructive challenge with senior stakeholders.
Desirable
- Experience with automation of control testing, evidence collection tooling, or analytics to improve coverage/efficiency.
- Familiarity with cloud control baselines (Azure/AWS), identity & access management, privileged access, logging/monitoring, and third‑party risk.
- Understanding of AI/ML control themes (model lifecycle governance, data lineage, bias/ethics, monitoring).
- Professional certifications (e.g., CISM, CISSP, CISA, ISO 27001 Lead Auditor/Implementer, IAPP).