2 - Cloud Security + ISO 27k1 (Con/AM)

About KPMG in India

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Our professionals provide the experience to help companies stay on track and deal with risks that could unhinge their business survival. Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges and working in partnership with us, clients have the benefits of KPMG's experienced, objective, and industry-grounded viewpoints.

Role & RESPONSIBILTY

• Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Perform risk assessments on various applications, services, and infrastructure components.
• Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments.
• Evaluate and interpret assessment results to identify potential vulnerabilities and risks and provide actionable recommendations for risk mitigation.
• Stay up to date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments.
• Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders.
• Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies.
• Mentor and support junior team members to foster their professional growth and skills in cyber risk.
• Establish and sustain long-term profitable client relationships that drive value creation, delivery excellence and a positive client work environment.
• Manages client expectations and client satisfaction. Acts as an advisor and partner to the client.
• Design, develop and implement business strategies for clients to implement new and different approaches to business based on the innovation approach.

REQUIREMENTS:

• A minimum of 4+ years of hands-on experience in conducting cyber risk assessments and related security assessments.
• Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued.
• Profound knowledge of cybersecurity frameworks, industry standards, and best practices.
• Proficiency in using various security assessment and techniques.
• Conceptual knowledge of OT security (OT systems and networks), ISA/IEC 62443 standard is preferable.
• Ability to apply knowledge of cyber security to OT/SACAD systems to implement new cyber defence/resiliency technique.
• Working knowledge of cybersecurity policies and standards using NIST and IEC 62443.
• Strong analytical and problem-solving skills, with the ability to think critically and strategically.
• Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences.
• Demonstrated experience in project management and handling multiple assessments simultaneously.
• A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development.
• Network Security, infrastructure assessment and network architecture design review.
• Knowledge on GDPR/PCI-DSS/NIST/Privacy
• Hands on experience on technologies like Zscaler, networking devices, cloud computing is preferable.
• Conduct end-to-end risk assessments (impact assessments, regulatory assessments, control assessments)
• Information security risk assessments for cloud services, vendor developed/ managed applications.

SELECTION PROCESS

• Candidates should expect 2-3 rounds of personal or telephonic interviews to assess fitment and communication skills.