Global CSIRT Senior Analyst

Base Location: London or fully remote with occasional London travel.

About KPMG International

Together with more than 273,000 colleagues in 143 countries throughout our member firms, people at KPMG imagine big ideas and bring solutions to life for clients both big and small. A role with KPMG International will open a world of opportunity in your career. KPMG International helps set the strategy and protects the reputation of this global organization of independent professional services firms providing Audit, Tax and Advisory services. We deliver value to our member firms and drive positive change in the communities we serve. By joining us you will gain a unique understanding of how a global organization operates and work on projects that impact the whole organization.

About this Global Group

Global Technology & Knowledge provides crucial services to enable KPMG’s digital transformation, ensure security across the network and accelerate our Collective Strategy.

About this Team

GISG (Global Information Security Group) provides the information protection and technology infrastructure that secures KPMG’s technology environment and connects its network of member firms. GISG works with the other GT&K domains to ensure that appropriate security controls are in place for KPMG technology solutions.

Role summary

The Cyber Security Incident Response Manager plays a pivotal role in identifying, investigating, and managing cyber and data handling incidents within KPMG’s Global Information Security Services (ISS) function. ISS delivers and oversees critical cybersecurity capabilities—including Security Monitoring & Response (SMR), Vulnerability Assessment & Secure Development (VASD), and Cyber Threat Intelligence (CTI)—across Global, Global Functions, and the broader KPMG network of member firms.

This position offers an exciting opportunity to join a progressive and innovation-driven security team, contributing directly to the evolution of the Cyber Security Incident Response Team (CSIRT) on a global scale. The role reports directly to the Global Cyber Security Incident Response (CSIRT) Lead.

The ideal candidate will bring knowledge in Cyber incident response, data protection, and regulatory compliance, along with the ability to collaborate effectively across functions to reduce risk and strengthen KPMG’s global data security posture.

Key Accountabilities

• Incident Detection & Response: Triage alerts reported by GSOC, Global functions and KPMG's network of member firms, including clients, supply chain and from Security tooling like DLP, CASB, XDR and SIEM. Contribute to the investigation and response to cyber and data handling incidents, including misdirected emails, unauthorized data access, and policy violations. Support containment, eradication, and recovery efforts for Cyber and data-related incidents.
• Root Cause Analysis & Reporting: Contribute to root cause analysis to determine the origin and impact of incidents. Document incidents thoroughly and support preparation of detailed reports for internal stakeholders and regulatory bodies as required.
• Cross-Functional Integration & Alignment: Collaborate with teams across Legal, HR, Compliance, Global Enterprise Technology (GET), Global Functions, RSD and key Member Firms to ensure appropriate incident handling and communications aligned to best practices. Contribute to the delivery of guidance and support on secure data handling practices. Support changes in standards and policies.
• Process Improvement: Identify gaps in detection and response processes and recommend improvements. Support the development and refinement of playbooks and standard operating procedures (SOPs) for cyber and data-related incidents. Support the evolution of the service.
• Training & Awareness: Support security awareness initiatives related to data handling and incident management and reporting. Contribute to the delivery of training to first-line responders and KPMG member firm security teams on incident escalation procedures.

Experience / Knowledge / Qualification

• Leadership & Strategic Experience: Proven experience in incident response, preferably with a focus on data protection and privacy incidents within highly regulated industries such as professional services, finance, healthcare, or energy.
• Technical Expertise in Cybersecurity & Incident Response: Experience with email security, cloud platforms, and endpoint protection. Strong understanding of DLP, CASB, SIEM, XDR and other security monitoring tools. Proven ability to manage and/or support response to complex security incidents and data breaches. Strong troubleshooting and problem-solving skills, with the ability to remain calm and effective under pressure.
• Risk, Governance & Regulatory Knowledge: Strong understanding of cyber and data risk factors impacting information security. Familiarity with data protection regulations (e.g., GDPR, HIPAA, CCPA). In-depth knowledge of cybersecurity regulations, standards, and best practices. High level of integrity and professionalism, with a commitment to ethical conduct and confidentiality. Ability to obtain and maintain security clearance where required.
• Communication & Stakeholder Engagement: Exceptional communication and interpersonal skills, with the ability to collaborate effectively across diverse global stakeholders. Strong analytical skills with the ability to assess and mitigate risks and influence decision-making at senior levels.
• Education & Certifications: Bachelor’s, Master’s, or PhD in Computing, Information Security, or a related field (or equivalent professional experience). Relevant certifications such as CISSP, CISM, GIAC (GCIH, GCFA), or CIPP are highly desirable.

Agile/Flexible Working

At KPMG International, we are supportive of helping you to achieve a balance between your home and work demands. We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest.

KPMG International's commitment to inclusion & diversity

At KPMG International, we recognise that we need inclusion and diversity to be successful. We want to attract, retain and develop diverse talent at all levels.