Senior Manager Information Protection Group

@ KPMG China

Senior Manager Information Protection Group

KPMG China offers multidisciplinary services in audit, tax, and advisory, with an emphasis on client needs and corporate responsibility. Our Information Protection Group (IPG) is part of Quality & Risk Management (Q&RM) dedicated to addressing information security, privacy, and data management challenges.

Service Line Overview

The IPG is responsible for managing internal/external audits and ensuring compliance with information security laws and standards across Chinese Mainland, Hong Kong, and Macao. You will help translate insights into action while balancing business needs with robust security requirements.

Key Responsibilities

• Manage internal and external audits and compliance reviews (ISO27001, ISO27017, ISO27701).
• Ensure adherence to firm policies and applicable security regulations.
• Handle queries from business units and regulators.
• Deliver balanced security recommendations and support business strategy.
• Collaborate with IT, technology groups, and business teams.

Experience & Background

Minimum 10 years of experience in information security with 5+ years in a managerial role; Big 4 experience is a plus. Academic background in IT, Computer Science or related field and professional certifications (CISM, CISA, CISSP) are highly preferred. Hands-on experience with ISO standards and China’s MLPS 2.0 is beneficial.

About KPMG China

KPMG China is committed to diversity, ESG initiatives, and creating an inclusive work environment. We invite all qualified candidates to apply and unlock opportunities with us.

Key skills/competency

• Information Security
• Audit
• Compliance
• ISO27001
• Risk Management
• Leadership
• Stakeholder Management
• Data Protection
• Security Frameworks
• Communication