Assistant Manager - IT Audit

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara.KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environmentKPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term.Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature

Responsibilities

RESPONSIBILITIES

• Conduct assessments of cyber security risk and controls across network security, application security, vulnerability management, and governance controls.
• Perform closure verification and issue validation for security findings, ensuring remediation aligns with risk reduction objectives.
• Evaluate vulnerability management programs, patch management processes, and threat intelligence integration.
• Review and test governance controls related to cyber security policies.
• Strong understanding of NIST frameworks (CSF, 800-53), ISO 27001, CIS Controls, and regulatory requirements.
• Technical expertise in network security, firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM tools, and endpoint security.
• Hands-on experience in application security, vulnerability management, patch management, and security monitoring.
• Strong knowledge of network protocols (TCP/IP, HTTP, SSL/TLS, DNS, VPN, etc.) and secure configurations
• Familiarity with cloud security controls (AWS, Azure, GCP) and DevSecOps principles.
• Professional certifications such as CISA, CISSP, CISM, CRISC, CEH, or GIAC certifications (GCIH, GCFA, GPEN) are highly desirable.
• Stay up to date with emerging cyber threats, attack techniques, and regulatory requirements impacting security control
  

Qualifications

Qualifications for Internal Candidates??Technical Knowledge of IT Audit Tools

• A team player
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism
• Preferred Certifications CISA/CISSP//CISM
• Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools
  

Equal Employment Opportunity Information

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.