hermans2.per John Hermans

John is partner of the Amstelveen practice of KPMG IT Advisory. In his current position he is heading the Information Security Services of KPMG in Netherland, covering the following services:

  • lSecurity Strategy Services
  • lIT Governance, Risk and Compliance
  • lTechnical Security Services
  • lIdentity & Access Management
  • lBusiness Continuity services

John is member of KPMG’s global leadership on Information Security as well the global lead of Identity & Access Management Services within KPMG.

Furthermore, John is leading the Cloud Computing Services within KPMG Netherlands. In this role he is responsible for (setup of) the services portfolio concerning Cloud Computing, including advisory services as well as auditing services. John is member of KPMG’s Global Cloud Enablement Program Steering Group .

Professional and industry experience 

John worked for numerous organisations in most industry sectors, such as Financial Service, Oil & Gas, Government and others. John was involved in more than 100 national and international information security projects across the world. John’s major involvements were in assisting clients in their strategy, building the business case and perform program management activities as well as quality assurance activities.

Next to being involved in information security projects, John was involved in numerous cloud computing projects in private and public sector. John’s major involvements were in assisting clients in their cloud computing strategy as well as in advising on cloud security/assurance advisory topics.


European Identity & Cloud Conference 2015
05/06/2015 15:30-16:30 Cloud Risk Assessment
Assessing and Mitigating Cloud Risks
05/07/2015 12:00-13:00 Cloud Contracting Risks
Reaching Compliance Across Jurisdictions: Fundamental Considerations Before Signing a Cloud Services Contract
European Identity Conference 2011
05/11/2011 10:30-11:30 Assessing the Risks of Cloud Computing More
European Identity Conference 2010
05/04/2010 15:00-15:30 Trust in the Cloud More
05/05/2010 15:00-16:00 Panel: Reducing the Risk of Information Leaks: DLP, IRM or both? More
European Identity Conference 2009
05/06/2009 10:30-11:30 Re-Assessing IAM-Strategy in Turbulant Times – Cost Optimisation Approaches for IAM Initiatives More
05/06/2009 11:30-12:30 An Ounce of Prevention is Worth a Pound of Cure – Moving from Detective Controls to Automated Prevention. More
2nd European Identity Conference
04/24/2008 14:00-15:00 Business Roles – Methods and Tools
Methodical Approaches to Business Roles
04/24/2008 16:30-17:30 Panel: Role-based Analytics for Effective GRC – How to Quickly Deploy IT Controls to Address Regulatory Requirements More


European Identity & Cloud Conference 2015
Managing Digital Risk: Mapping the New Distributed Risk Landscapes More
European Identity Conference 2011
Audit-Proof Access Management More
Governance, Risk Management & Compliance (GRC) More
Information Governance More
Managing the New Risks More
European Identity Conference 2010
Linking IdM & GRC to Corporate Performance More
Mitigating Risk More
Privacy & Regulation More
Roles & Attributes More
Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.