Cybersecurity Assessment Expert at IT - Strat managing A&A of information systems for U.S. federal clients. Ensuring compliance with DOD cybersecurity policies and standards in complex IT environments.
About the role
- Director leading Information Security at KPMG Budapest, developing programs and policies to align with global priorities and strategy.
Responsibilities
- Lead the Information Security Organization, including the direction and evolution of the information security program, working with leadership to budget and plan the security function accordingly and ensure alignment with Global information security priorities and strategy.
- Provide leadership insight into information security matters and escalation and promote adherence to KPMG information protection policies and other relevant policies (for example those outlined in the Global Quality & Risk Management Manual).
- Act as the point of contact for the Global Information Security Group (GISG) and GQRM – Global Digital Risk (GDR).
- Participate in regular Global meetings and other relevant forums.
- Newly appointed NITSOs should participate in NITSO induction sessions arranged as required by Global Information Security Group (GISG).
- Establish and maintain relationships with NITSOs from network firm locations from which KDN delivery centers are located.
- Create, maintain and report on information security metrics.
- Liaise with relevant stakeholders including Business Functions, Technology Groups, Legal, Privacy (Privacy Liaison (PL), Physical Security, Human Resources (HR).
- Responds to requests by the global insurance team to ensure timely submission of information for the annual cyber insurance program.
- Evaluates the information security provisions for working with other member firms, to ensure compliance with the IFDTAs and other regulatory provisions.
- Oversee the information security risk assessment process, tools and solutions used and facilitate risk treatment.
- Provide input into all information security related escalations.
- Accountable for assessing third-party risks, including the initial and ongoing risk assessment of suppliers and their compliance with contractual terms, involvement in the risk assessment during an acquisition.
- Ensure regular (at least annual) review of all security policies and standards, including their implementation.
- Ensure that all relevant stakeholders are notified of the changes to global information security policies and standards, and that changes are appropriately reflected within documented policies, processes, and procedures.
- Ensures that a senior sponsor has been established for the IPCR and the IPCR is carried out in a timely manner. Furthermore, remediation activities must be carried out within the agreed timelines.
- Contribute to the documentation and coordination of ISO 27001 processes (where applicable).
- Advises the business on security requirements of new systems & technologies, including involvement and review of technology projects, approval of significant changes to technology environments, approval of communication tools, virtual desktop infrastructure (VDI), remote access incl. VPN, external facing solutions, the installation of software on operational systems, and authorization of privileged utility programs.
- Work closely with the technology teams to ensure that relevant security controls are implemented consistently across all parts of the organization and reviews are carried out appropriately.
- Ensure appropriate Information Security Incident Management planning, preparation, implementation and communication.
- Ensure that all KDN personnel receive information protection and data privacy training, as applicable.
Requirements
- 10 years’ experience in information security and risk management.
- Hold industry standard accreditation or certifications. (i.e., CISSP, CISM, ISO 27001)
- Demonstrated global exposure, ideally working with cross‑border teams, stakeholders, and regulatory environments.
- Be familiar with current data privacy regulations, including GDPR.
- Have understanding and experience with Secure SDLC and DevSecOps or security automation.
- Be capable of understanding and communicating the business impact that infosec operations have on the organization.
- Understand the requirements of relevant information security frameworks and attestations including for example ISO 27001, NIST, SOC2, SoQM.
- Experience with people management is required.
- Strong strategic thinking and decision‑making skills, with the ability to prioritize and balance security, business needs, and operational constraints.
- Advanced problem‑solving and analytical skills, including the ability to assess complex security issues and propose pragmatic, risk‑based solutions.
- Proven project and program management capabilities, including planning, prioritization, and delivery of multiple security initiatives in parallel.
- High level of resilience and the ability to perform under pressure, particularly when managing security incidents or time‑critical issues.
Benefits
- 2 days home office opportunity and flexible working hours
- Private health care coverage including dental services (Medicare)
- Eyeglasses compensation
- Collective life and accident insurance
- Wide range of Cafeteria elements (such as SZÉP Card, MOL Bubi, MOL Limo)
- Annual bonus may be awarded based on your and the Firm’s performance
- Company car/car allowance
- iPhone14 with subscription
- Referral bonus
- Internal coaching opportunity
- Sports opportunities and All You Can Move sportpass availability
- Compensation for long-distance commutes (for those who commute to work from outside the city limits)
- Relocation support for foreign candidates
- 3 paid days for volunteering and CSR activities
- In-depth professional training from beginner to advanced level
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Security Engineer responsible for deploying and maintaining endpoint security solutions. Collaborating across teams to enhance security posture and supporting incident response activities.
Administrative support role within MAHLE's Thermal and Fluid Systems unit, assisting the team with various operational tasks and employee interactions.
Senior Security Engineer at PagBank focusing on application security and secure development practices. Responsibilities include testing, vulnerability management, and collaboration with development teams.
Security Software Engineer at a tool - building company automating coding. Focused on shipping secure products covering enterprise security, cloud, and embedded protections.
Senior Product Cyber Security Systems Engineer at Sonova focusing on product security and cyber threats. Collaborating with teams to maintain robust security practices and compliance.
Threat Exposure Oversight Specialist enhancing security risk management in Cyber Defence team. Collaborating across functions to validate and document security controls and risks.
Lead Information Security Analyst driving security improvements and team management at Octopus Energy. Join us in ensuring secure service delivery across our global operations.
Lead Security Engineer at Octopus Energy, ensuring security in digital energy solutions and managing a team. Join us in revolutionizing the renewable energy transition.
Program Manager overseeing global safety, intelligence, and security at Anthropic. Developing policies and coordinating cross - functional initiatives.