Senior Manager - Security Transformation Specialist

The Security Transformation Specialist role is pivotal to the sustainable growth of the Cyber Strategy service area within the UK, supporting the delivery of cyber strategy and risk services to a broad range of Defence & National Security clients.

Description of the role

The role will deliver the following activities:

• Manage large / complex cyber strategy and risk engagements to clients, leading on multiple workstreams of work and / or managing the delivery of other managers within the team.


• Build and developing lasting client relationships and actively build a network and range of experience to help address client needs


• Building relationships across KPMG’s capabilities and our global member firms to bring innovation to our clients, including the development of new channels for joint pursuits (e.g. Technology Strategy, Internal Audit, ERS)


• Work with the leadership team to identify and support sales pursuits for Cyber Strategy and risk opportunities to grow our business 


• Support the development of our people as a performance manager, coaching and develop the team around you, and promoting and support a culture of learning and development across the team.


• Knowledge, Skills and Experience with managing UK Government and/or UK Defence Secure by Design (SbD) implementation and practices, including risk and threat assessments, planning and monitoring and stakeholder management and continuous assurance, is essential.


• The role will also have opportunities to support our Leadership team as we continuously evolve our strategy, help create, build and evolve our propositions as part of our investment into our capabilities, and create and be recognised for Thought Leadership that supports our market messaging.

Role dimensions

The Security Transformation Specialist is a senior delivery role, and will be responsible for managing multiple teams or workstreams across multiple clients, in some cases managing other managers within the team.

The role requires a high level of stakeholder interaction and challenge, including:

• Internal stakeholders: business development teams, sales teams, delivery teams, technical development teams, Quality and Risk Management, joint proposition service area leaders.


• External stakeholders: client stakeholders and decision makers for purchasing the product and / or services related to the product, across a range of sectors and industries,

 Experience

Specific to the role, the Security Transformation Specialist role should be able to demonstrate proficiency across a number of the following skills and experience:

• Defining cyber security strategies, considering an organisation’s business and technology objectives and aligning future capabilities to the needs of the organisations


• Defining and implementing cyber risk management frameworks, considering the complexity of multiple regulatory and sector-specific requirements clients may have on them.


• Cyber risk assessments of complex environments (e.g. multi-platform, multi-cloud, multi-sector type clients).


• Articulation of cyber risk to a broad range of technical and non-technical cyber stakeholders, including executive / board / audit committee audiences.


• Assessing Cyber Security Target Operating Models (TOMs), considering all aspects of a modern TOM including people, processes, technologies, service delivery models, governance structures, and metrics and reporting


• Creating business cases for cyber security investments and securing stakeholder commitment to cyber improvement programs


• Managing the delivery of strategic cyber security programs, including project management activities, stakeholder reporting and monitoring of delivery outcomes


• Understanding and delivery experience with leading security frameworks (i.e National Institution of Standards Technology Cyber Security Framework (NIST CSF), ISO27001:2013/2022, National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), Capability Maturity Model Integration (CMMI).


• A working understanding of security architecture principles


• A working understanding of cyber security governance models


• A working understanding of regulatory requirements (NIS, GDPR etc) of organisations in individual sectors.

More generally, we expect that you will have:

• Proven experience leading work at sustained levels of high quality, including inspiring drive and resilience in others


• Excellent written and verbal communication skills


• Excellent presentation and influencing skills


• An ability to develop excellent relationships both internally and with clients at a senior level