Job
Description
Engineering / MBAs with atleast 6+ years of experience 3+ years of experience with hands on exposure to Infrastructure / Mobile/ Web application security spanning across various technologies Working level familiarity of advanced security assessment concepts, including but not limited to -, Malware analysis, OT/ICS security, Cloud security, security in IoT, Blockchain, RPA and emerging technologies, etc Working level familiarity with Static and Dynamic Analysis tools (SAST, DAST, IAST) Ability to manage deployment & use of OWASP tools and methodologies Ability to elucidate vulnerabilities and weaknesses in the OWASP Top10,WASCTCv2, SANS Top-25 and CWE25 to client IT/ISO audiences and discuss effective defensive techniques Comprehensive understanding and previous oversight of IT hardware, software, networking, databases, API services, J2C storage, licensing and related hosting needs Infrastructural configuration reviews to identify the security related gaps within the IT environmentPreference would be given to significant experience in relevant technical knowledge: (a) financial statement - IT Audits; (b) IT internal or IT operations audits; (c) IT SOX engagements (d) Emerging Technology Risks (e) Data Privacy and PCI-DSS risksGood to have, add on skills - Working level familiarity with relevant vulnerability scanning tools (e g , Qualys, Nessus, Nexpose, Saint or any other open source tools) Working level familiarity with web application vulnerability scanning tools (e g IBM AppScan, HP Fortify, Accunetix, NTO Spider, Burpsuite Pro or any other open source tools), SIEM tools (SolarWinds, Splunk, LogRhythm, IBM QRadar) Ability to understand/identify best practices for infrastructure process and controls CISA, CISM, CISSP, CRISC, TOGAF certifications would be an added advantagePrior experience in client facing / account management rolesPossess strong domain knowledge, understanding of IT processes supporting business and possible risks in operations of at least two industry sectorsDemonstrate integrity, values, principles, and work ethic and lead by example Selection Process The mandatory fields must be completed for the application to be submittedDuring the registration process, the candidate will be asked for the source of referral which includes the name and KPMG e-mail ID of the referrer Provide security concept, framework & standards for development & support client teams for the solution design, customization build and roll out to end users Perform a holistic security risk assessment of the client s IT landscape taking various assets, threats, vulnerabilities, business impact & legal aspects into consideration Designing and implementing controls to mitigate identified risks by lucid communication to client stakeholders Effective persuasive/convincing abilities while communicating gaps detected during audits, risk assessments, attestation engagements Collaborate with other practice groups to review the effects of new threats and vulnerabilities in the security space to assess, remediate, test and protect client application artefacts, data and enterprise ecosystems from threat vectors as they emerge Work with other technology groups to provide cohesive solutions in Risk assessments, Financial statement audits, Attestation engagements encompassing network architecture, application, database, , standards and implementation related mandates for development, deployment and maintenance Manage teams delivering co-working discovery workshops & support delivery teams to provide assessment, remediation, testing and standards refresh for the application security practice Present and distill complex Security solutions into simple, easy to understand concepts for both technical and non-technical audiences especially in the context of opportunity pursuit Drive Innovation through Offerings: Drive profitable growth through the execution of the strategy and the strengthening of the audit and assurance practice Building innovative & collaborative solutions to bring combined offerings such as security related combinations with J2C, API, Data security as advisory & execution footprint to capture opportunities & illustrate convergence Bring the audit and assurance practice to life to achieve sales and commercial opportunities in a collaborative ecosystem and follow through with support for cost effective high quality execution Additional Responsibilities for Assistant Managers:Supervise associates and interns on engagementsServe as a liaison between financial services clients and upper managementEstablish and sustain long-term profitable client relationships that drive value creation, delivery excellence and a positive client work environmentWorks with the client to minimize delivery disruptions and effectively manages client urgencies
