KPMG Luxembourg

IT Security Officer (ISO) (m/f/d)

Luxembourg · Full-time · Not Applicable

Find your purpose at KPMG Luxembourg

We see a world of opportunity. From uncovering ways to digitalize, to enabling new sectors to take off, to building sustainability and resilience into economies, we know insights reveal new opportunities for all. We are diverse and dedicated problem solvers, part of the worldwide network of high-quality audit, tax and advisory services.

We offer excellent career prospects that balance autonomy, flexibility, and responsibility. Our comprehensive benefits inspire our people to do and feel their best. Right now, we have more than 1800 employees from over 70 nationalities. Join our growing group of young and youthful innovators to uncover a world of opportunity together.

Job Description

We are seeking an IT Security Officer

The Information Security Officer (ISO) is responsible for aligning security initiatives within KPMG Services, while ensuring that information assets, technologies, and data are adequately protected. The ISO plays a critical role in safeguarding data integrity, ensuring compliance with Group policies and regulatory standards (CSSF circular, DORA), and mitigating potential ICT and information security threats.

The ISO is accountable for designing, implementing, and continuously improving the entity’s ICT and security risk management framework. In this context, the ISO ensures that ICT and information security risks are identified, measured, managed, monitored, and reported.

The ISO operates as an independent second-line-of-defence control function, maintaining clear segregation from ICT operational activities. He or she collaborates with internal teams, as applicable.

This position requires a strong combination of technical expertise, strategic thinking, governance and risk management capabilities, and meticulous attention to detail.

What You Will Be Working On

  • Develop, maintain and continuously improve the Information Security Policy, related standards, procedures, guidelines and security measures.
  • Operate and monitor the Information Security Management System (ISMS), including the definition, tracking and reporting of relevant KPIs and performance metrics.
  • Conduct information security risk assessments, vulnerability analyses and control reviews across key areas such as change management, supplier relationships and asset management.
  • Support vendor risk assessments and produce information security reports as required for internal stakeholders, clients, authorities and other external parties.
  • Monitor cybersecurity threats, regulatory developments and emerging risks affecting the company’s information systems.
  • Respond to, manage and supervise investigations relating to information security incidents, breaches, non-conformities and policy exceptions.
  • Ensure compliance with applicable information security, data protection and regulatory requirements, including relevant KPMG policies and standards.
  • Integrate information security requirements into business processes, IT projects and operational activities.
  • Manage IT security projects and support certification audits, including ISO and PSDC-related audits.
  • Coordinate information security awareness activities, including employee training, awareness campaigns and newcomer information sessions.
  • Act as a point of contact for security-related questions from internal stakeholders, clients and authorities.
  • Support Compliance and Risk Management in information security-related projects.

What We Look For

  • Bachelor's or Master's degree in IT, Information Security, or a related field.
  • 4–6 years of relevant experience with information security concepts and practices.
  • ISO 27001 knowledge/certification.
  • Strong knowledge of information security, cybersecurity, and ICT risk management frameworks (ISO 27001/27005, NIST CSF, COBIT).
  • Broad understanding of IT infrastructure, software development, data protection, and incident response.
  • Experience developing and implementing security policies, controls, and regulatory compliance requirements.
  • Proven ability to work cross-functionally with IT, Legal, Compliance, Internal Audit, and business stakeholders.
  • Strong analytical, organizational, and communication skills, with the ability to manage multiple priorities.
  • Proactive mindset with a focus on continuous improvement and staying ahead of evolving cybersecurity and regulatory trends.

What You Will Get

KPMG is where you will find the right opportunities to advance your career and the widest available range of possibilities so you can grow professionally. Make a real impact, join a diverse team of leading experts, work with global clients, and discover technological solutions.

By submitting your resume and application information, you authorize KPMG to transmit and store your information in the KPMG recruitment database, and to circulate that information as necessary for the purpose of evaluating your qualifications for this or other job vacancies.

KPMG is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. Our recruiting decisions are based on your experience and skills.

Key Skills

Ranked by relevance

cybersecurity technical expertise nist
Posted: Jun 18, 2026
Type: Full-time
Level: Not Applicable
Location: Luxembourg

Industries

Financial Services

Categories

Engineering Information Technology
