• Monitor and assess IT and cybersecurity risks across the organization, focusing on second-line oversight of the first line’s risk management practices.
• Conduct independent risk assessments and challenge the first line’s processes and control effectiveness across applications, business solutions, assets, and third-party relationships.
• Review and validate risk assessments and treatment plans proposed by the first line, ensuring compliance with organizational and regulatory standards.
• Develop and manage IT and security control frameworks, ensuring alignment with internal policies, industry best practices, and regulatory requirements (e.g., ISO 27001, NIST, SOC).
• Support the implementation of the various aspects of DORA with the objective to achieve compliance.
• Conduct audits and provide oversight of IT and cybersecurity practices within the first line of defense, especially in third-party risk management.
• Produce independent risk reports for senior management and governance committees, synthesizing security risks and providing recommendations for risk mitigation.
• Advise on risk management strategies and propose improvements to enhance the organization’s security posture and overall risk maturity.
• Act as a trusted advisor to the business, providing guidance on emerging risks and ensuring that the first line implements appropriate risk mitigations.
• Ensure the integration and coherence of risk management processes across different business units, with a focus on third-party risk.
• Oversee the review of IT and security contractual clauses with suppliers, ensuring they meet second line’s standards for risk management.
• Collaborate with the first line, providing support and challenge to enhance the effectiveness of security controls and practices.

#LI-DNI

•       4+ years of experience in information security or risk management, with a focus on second line functions.
•       Experience in performing information security assessments or audits.
•       Demonstrated experience in operational security risk management.
•       Strong understanding of Information Security frameworks (ISO 27001, NIST, SOC) and their application in second line assurance activities.
•       Strong understanding of the FS regulatory landscape (DORA, NBB, EBA, etc.).
•       Proven ability to conduct risk oversight, challenge the first line’s risk management activities, and ensure compliance with internal and external standards.
•       Experience working in financial services or large-scale enterprises, with an understanding of regulatory requirements in IT and cybersecurity.
•       Security certifications such as CISSP, CISM, CCSK, or similar.
•       Familiarity with vulnerability management, penetration testing, and reviewing IT and security clauses in contracts.
•       Knowledge of control frameworks and audit methodologies within second line risk functions.
•       Strong communication and influencing skills, capable of working with senior stakeholders and challenging the first line when necessary.
•       Excellent analytical and problem-solving abilities, with a focus on providing independent assurance and actionable recommendations.
•       Proactive, autonomous, teamplayer, collaborator and able to synthesize complex issues.

• An international corporate culture in which personal growth, mutual trust and lifelong learning are being fostered.
• A competitive and attractive compensation package and a great number of extra-legal advantages (Company car + fuel card, IPhone/IPad, group & hospitalization insurance, Allowances,…) which are customizable with our Reflex@KPMG plan.
• Career and business development opportunities combined with trainings based on your personal needs and ambitions.
• Learning and growth opportunities designed for leaders through our Management development Track.
  Flexible, hybrid work arrangements to enable working from wherever you are.
• A team of passionate colleagues to reach higher goals and support each other.
• A buddy and performance manager to support and assist you through your first months at KPMG.
• Great teambuilding, sport & wellbeing initiatives through our Together@KPMG program.
• An inclusive workspace that encourages diversity and pursues mutual respect for each other’s beliefs and backgrounds.