Job
Description
KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create valueKPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risksThey are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature IT Audit + SAP experience with knowledge of IT governance practicesPrior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 AuditsGood to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (egNIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc)Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodologyExposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantageStrong project management, communication (written and verbal) and presentation skillsKnowledge of security measures and auditing practices within various applications, operating systems, and databasesStrong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalismPreferred Certifications - CISA/CISSP//CISMExposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantageProficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information: Conduct assessments of cyber security risk and controls across network security, application security, vulnerability management, and governance controlsPerform closure verification and issue validation for security findings, ensuring remediation aligns with risk reduction objectivesEvaluate vulnerability management programs, patch management processes, and threat intelligence integrationReview and test governance controls related to cyber security policiesStrong understanding of NIST frameworks (CSF, 800-53), ISO 27001, CIS Controls, and regulatory requirementsTechnical expertise in network security, firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM tools, and endpoint securityHands-on experience in application security, vulnerability management, patch management, and security monitoringStrong knowledge of network protocols (TCP/IP, HTTP, SSL/TLS, DNS, VPN, etc) and secure configurationsFamiliarity with cloud security controls (AWS, Azure, GCP) and DevSecOps principlesProfessional certifications such as CISA, CISSP, CISM, CRISC, CEH, or GIAC certifications (GCIH, GCFA, GPEN) are highly desirableStay up to date with emerging cyber threats, attack techniques, and regulatory requirements impacting security controls
