IT Risk and Compliance Manager
Kingston, St. Andrew Parish, Jamaica (Hybrid) · Full Time
- Experience: 5+ yrs
- Salary: —
- Openings: 1
- Posted: 1 week ago
- Work mode: Hybrid
- Education: Bachelor's degree
- Eligibility: Professionals in Jamaica who meet the degree, experience, and skills requirements for an IT risk and compliance leadership role may apply. The position is based in Kingston and follows the specified hybrid work arrangement.
- Resume: Required to apply
Job description
Role overview
KPMG Jamaica operates a delivery center called Jamaica Extended Support Services (JESS) from Kingston. The center provides services to KPMG United States, referred to as the Client. The organization is looking for an experienced IT Risk and Compliance Manager to lead the design and execution of a broad IT and security risk management program. The position calls for strong expertise in risk, compliance, and information security, along with the judgment to support risk-aware decisions across multiple risk areas. Success in this role also depends on building trusted working relationships, assessing mitigation actions, and clearly presenting findings to senior stakeholders.
What you will do
- Use deep knowledge of risk, compliance, and information security to create and implement a coordinated IT and security risk management plan that helps leadership make informed decisions across areas such as stability, operations, cyber risk, information handling, physical security, and resiliency.
- Develop strong, trust-based relationships with colleagues and leaders, while reviewing risk reduction actions and encouraging continuous improvement in risk mitigation.
- Assess the impact of significant risks, establish the criteria used to weigh trade-offs, and provide recommendations that help reduce the overall risk position.
- Represent and explain KPMG’s security capabilities to outside parties when needed.
- Review changes in the business and operating environment and determine how they affect risk exposure, obligations, and external expectations.
- Advise on updates to the risk approach so it stays aligned with current IT and security practices.
- Partner with second- and third-line teams to support internal audit and risk oversight activities, and to identify the relevant risk areas.
- Own the full risk assessment lifecycle, including identifying risks, analyzing and evaluating them, and defining treatment actions.
- Share assessment results with leaders at different levels in a clear and actionable way.
- Prepare executive presentations and dashboards that highlight key risk indicators.
- Work with risk owners to monitor progress on long-running risks and related remediation activities.
- Maintain a forward-looking risk posture by ensuring new risks are identified, documented, assessed, and remediated where needed.
What the employer is looking for
- A bachelor’s degree in Computer Science, Business Management, or a closely related discipline from an accredited institution.
- At least 5 years of relevant professional experience.
- Background in a professional services environment, with experience in IT risk and controls preferred.
- Solid understanding of different compliance frameworks and risk management principles, with the ability to make decisions that improve overall operational risk.
- Ability to review technical information and explain it effectively to non-technical audiences.
- Clear understanding of business priorities and the ability to balance them against IT risk.
- Strong communication, problem-solving, analytical, and independent judgment skills in a customer-focused and collaborative setting.
- Ability to guide, mentor, and positively influence less experienced team members.
- Working knowledge of the Five Lines of Defense risk model.
- Hands-on experience with IT risk assessments, IT controls testing, reviewing control evidence, identifying control gaps, and supporting remediation collaboration.
- Comfort working with risk records such as risk registers, GRC frameworks, and related tools.
- Ability to work effectively in both structured and less structured environments as the organization changes and grows.
- Capability to build professional relationships and influence people at all levels without direct reporting authority.
- Ability to contribute to strategic team initiatives.
- Creative mindset with the ability to propose practical business solutions.
- Strong PowerPoint and executive presentation skills.
- Experience with ServiceNow and Integrated Risk Management modules is an advantage.
- Exposure to tools such as Power BI, Power Platform, Power Automate, MS Forms, or Access is also an advantage.
- Professional certifications such as CRISC, CISM, CISA, or CISSP, or equivalent experience, are preferred.
Working arrangement and conditions
This role follows a hybrid model. Team members may work from home in Jamaica or from the office, but must be present in the office at least five days each month, with additional office time possible based on business needs. Employees are expected to use KPMG-approved generative AI tools to support daily work. The position is in a fast-paced team environment, operates largely in a paperless setting, and requires regular use of information systems throughout the workday. Extended hours may occasionally be required, including on public holidays.
About the workplace
JESS is designed to support KPMG United States from Kingston, Jamaica. The work environment emphasizes collaboration, technology use, and service delivery within a global professional services context.