Business Analyst at KPMG, Any UK Location, to 9/22, £Contract Rate

  • Contract Spy
  • UK
  • May 09, 2022
up to 6 Months

Contract Description

Business Analyst - Contract until Sept 2022 (inside IR35)


Role Title: Business Analyst


Contract Length: Until September 2022
Engagement Type: PAYE or Umbrella
Location: Any UK location


Job Description

Global Quality & Risk Management (GQ&RM) develops quality and risk management policies and procedures for KPMG and provides associated guidance. GQ&RM monitors the quality of service delivery across all of KPMG’s businesses, establishes and oversees compliance with risk management policies and protocols, helps protect the brand and reputation of KPMG, and ensures trusted and respectful relationships with the regulatory community across the KPMG network.

Role Summary

Based in the Global Risk Management Information Protection team, reporting to the Risk Office Lead, the Risk Manager will be responsible for assisting with the development of the Risk Management framework for Information Protection, and the evaluation and reporting of information protection risks relating to KPMG International and Member Firms. These reports will assess the level of compliance of KPMG International and Member Firms with information protection policies and enterprise risk appetite, highlight trends in information protection risks and help inform policy development to improve the defensive posture and response capabilities of KPMG International and Member Firms.

In the short-term, the interim role holder will be required to contribute to the development of the information risk management framework.

Key Accountabilities

  • Take an active role in leading parts of the design of the Information Risk Management framework, such as developing the relevant policies or designing and documenting the overall information risk management governance process
  • Lead information risk interviews with senior stakeholders
  • Oversee the analysis of all information risk data and its impact on KPMG information risks
  • Identify the relevant control objectives and ensure they are defined and maintained, so that identified information risks are adequately mitigated
  • Support consultation with relevant stakeholders including first line information security, to determine, quantify, and mitigate risks relating to the business of KPMG International and the network of member firms;
  • Assisting with the implementation of the risk assessment framework to inform the policy that frames a set of information protection controls designed to mitigate risks, based on the requirements of ISO27001, ISQM1 and other control frameworks where required;
  • Liaising with the Global Information Protection Risk Management Policy group, where changes to controls impact the baseline information protection policies;
  • Implementing new process improvement opportunities to continuously enhance and improve insight into emerging and current risks;
  • Supporting the other GQRM team members with recurring or ad hoc information requests (e.g., Compliance Risk Assessment, Global Compliance Review teams, etc.);
  • Working with other Global Quality and Risk Management team members to maintain dashboards that benchmark Member Firms based on the relevant KPIs and KRIs; and
  • Develop and operate reporting cycles for various stakeholders


“Everyone a Leader” Competencies


  • Make sound decisions
  • Foster innovation
  • Build collaborative relationships
  • Take opportunities to learn and adapt
  • Advocate for equality
  • Act ethically and responsibly
  • Drive quality

Technical Skills & Qualifications

Core advisory skills including business process analysis, risk assessment, designing and proposing solutions to identified challenges, and provision of status reporting to executive management

Experience & Knowledge – technical

  • Experience in information risk management frameworks such as ISO 27001, ISO 27005, NIST information risk framework, ISF
  • Experience in designing information controls and relevant key risk indicators and metrics
  • Proven working experience in a risk management role is preferred;
  • Experience in information protection, data security or risk management;
  • Good knowledge of and experience of working with reporting tools such as Tableau;
  • Core advisory skills including business process analysis, risk assessment, designing and proposing solutions to identified challenges, and provision of status reporting to executive management;
  • Excellent information protection risk assessment planning, executing, managing, and reporting skills;
  • Bachelor’s Degree from an accredited college or university or equivalent work experience; and
  • Professional qualification in risk, compliance or security for example CISSP, CISM and/or CRISC would be an advantage


Experience & Knowledge – non-technical

  • Strong analytical skills with the ability to collect, organise, analyse, and disseminate significant amounts of information as well as report writing and presenting findings;
  • Ability to see the “big picture” (ability to prioritise and see what is most important);
  • Excellent spoken and written / report writing skills in English;
  • Capable of critical thinking and executing plans into action;
  • Strong interpersonal and presentation skills and ability to communicate effectively both verbally and in writing, particularly with senior level global stakeholders;
  • Ability to manage and deliver multiple activities;
  • Agility and ability to adapt to changing priorities in a fast-paced environment;
  • Experience working in multicultural environments and sensitivity to different business cultures;
  • Good team player; and
  • Methodical approach to work, attention to detail, and delivery of high-quality results.