Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.
KPMG is currently seeking a Director, Information Protection to join our Digital Nexus Technology organization. This is a remote work opportunity.
Responsibilities:
Lead the firm's Information Handling Program
Work on the portfolio of projects and business-as-usual activities that drive continuous improvement in how people protect the confidentiality of firm and client information; the program encompasses people, process, and technology
Lead a team of sixteen people with three direct reports
Manage and operate information protection processes, such as:
  Cyber Sanctions process associated with internal violations of firm policy, procedures and expectations associated with the protection of confidential information
  Data Security Governance program to continuously assess, enhance, and optimize the US firm data security governance strategy and program; develop/modify processes to incorporate lessons learned that will improve future data security governance approaches and documented evidence
  High Risk Loaner Program, where users traveling to information-risky countries take specially configured devices, such as laptops and mobile devices, instead of their standard KPMG devices
  Information Handling Preventive Controls, including but not limited to blocking web uploads to filesharing sites, including an exception process
  Information Incident Response Team (IIRT) that, through a cross-functional core response team, analyzes, contains, eradicates, and recovers from an information incident
  Insider Risk Management program, inclusive of both Federal Practice and firmwide objectives
Perform in the role of Incident Commander for large, complex information incidents; appropriate communication and reporting is a critical success factor for the role
Collaborate across functions including but not limited to Office of General Counsel, Risk Management, Talent & Culture, federated technology teams, Corporate Communications, and others as needed within the US member firm, KPMG Americas, and KPMG International teams, with the objective of having a consistent approach to information handling and the continuous improvement of related controls
Contribute to thought leadership on the topics of information protection, security monitoring and response services and to the security awareness program on firm information handling practices
Maintain currency with industry best practices in this space while incorporating leading tactics, techniques, and procedures; grow the quality, coverage, and scope of services to maintain a best-in-class information protection program
Qualifications:
Minimum ten years of recent experience in program management and a minimum four years of recent experience in a security role, preferably associated with information handling, protection, and response
Bachelor's degree from an accredited college or university is preferred; CISSP preferred
Experience leading IT security projects and programs, security operations, monitoring, incident response or crisis management, with the ability to prioritize and divide responsibilities, as well as influence people to take action
Excellent verbal/written communication skills with ability to effectively interact with individuals at all levels of responsibility and authority, including working remotely full time or experience working with a geographically dispersed team
Strong troubleshooting, IT process definition/improvement and organizational skills, with the ability to work on multiple programs simultaneously
Familiarity with privacy laws/regulations such as GDPR, CCPA and HIPAA
U.S. Citizenship is required
KPMG complies with all local/state regulations with regard to displaying salary ranges. If required, the salary range(s) are displayed below and are specifically for those potential hires who will perform work in or reside in the location(s) listed, if selected for the role. Any offered salary is determined based on internal equity, internal salary ranges, market data, ranges, applicant's skills and prior relevant experience, and certain degrees and certifications (e.g. JD, technology).
Bellevue / Seattle Salary Range: Low: $164100 - High: $309200
San Francisco / Santa Clara / Walnut Creek / San Jose Salary Range: Low: $182000 - High: $342900
Los Angeles / Irvine Salary Range: Low: $164100 - High: $309200
San Diego / Sacramento Salary Range: Low: $156700 - High: $295200
New York City Salary Range: Low: $171600 - High: $328900
Colorado Salary Range: Low: $156700 - High: $295200
KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.
KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law. In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).