Digital Trust - Digital Risk and Cloud Security

Bangalore
Full-Time
Junior: 3 to 8 years
12L - 21L (Per Year)
Posted on Nov 05 2024

About the Job

Skills

Cyber Security
GRC
Network Security
Payment Card Industry Data Security Standard (PCI DSS)

Mandatory Skills

Governance Risk Compliance
Cyber Risk
Network Security
ISO 27001
PCI DSS



>> Job Description

ROLE & RESPONSIBILITIES

  • Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Perform risk assessments on various applications, services, and infrastructure components.
  • Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments.
  • Evaluate and interpret assessment results to identify potential vulnerabilities and risks and provide actionable recommendations for risk mitigation.
  • Stay up to date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments.
  • Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders.
  • Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies.
  • Mentor and support junior team members to foster their professional growth and skills in cyber risk.
  • Establish and sustain long-term profitable client relationships that drive value creation, delivery excellence and a positive client work environment.
  • Manage client expectations and client satisfaction. Act as an advisor and partner to the client.
  • Design, develop and implement business strategies for clients to implement new and different approaches to business based on the innovation approach.

 

REQUIREMENTS:

  • A minimum of 4+ years of hands-on experience in conducting cyber risk assessments and related security assessments.
  • Conduct end-to-end risk assessments (impact assessments, regulatory assessments, control assessments, privacy assessment, network/cloud assessment etc.)
  • Experience in performing internal audits based on ISO 27001, compliance audits and risk assessments related to payment card security based on PCI DSS standards.
  • Knowledge of encryption technologies, firewalls, IDS/IPS, and other network security controls
  • Network Security, infrastructure assessment and network architecture design review.
  • Profound knowledge of cybersecurity and governance frameworks, industry standards, and best practices.
  • Assess new, or changes to existing, exception processes, and follow change management process to make improvements as applicable.
  • Support control owners in the ‘issue management’ process and collaborate with them on any inquiry within the ServiceNow platform.
  • Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences.
  • Demonstrated experience in project management and handling multiple assessments simultaneously.
  • A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development.
  • Strong communication and stakeholder & conflict management skills.
  • Strong analytical and problem-solving skills, with the ability to think critically and strategically.
  • Hands-on experience with technologies such as Zscaler, networking devices, and cloud computing is preferable.
  • Conceptual knowledge of OT security (OT systems and networks), ISA/IEC 62443 standard is preferable.

 

>> SELECTION PROCESS

Candidates should expect 2-3 rounds of personal or telephonic interviews to assess fitment and communication skills.

Additional Information

KPMG is hiring for ‘Information Sec and Technology risk assessment’ in the governance, risk and compliance (GRC) space. Candidates should have risk assessment experience and network security skills or a basic understanding of networking, with PCI DSS as an add-on. The role needs candidates with 4+ years of experience, with a preference for those who can join immediately and bring relevant certifications such as ISO 27001, CISSP, CISA or PCI DSS. The aim is to close hiring by the end of November or as early as possible in December.

Job Requirements and Specifications:

  • Hiring for 4+ years’ experience in risk assessment, governance, risk, compliance, and network security
  • Early joiners preferred (Open to consider 90 days of notice period)
  • Strong communication skills are crucial due to global client environment.
  • Risk assessment is the primary job responsibility.
  • GRC experience is mandatory; a technical background is preferred (non-technical would also work).
  • Mix of network security and GRC skills required.
  • Prefer candidates with certifications like CISSP, CISA, ISO ISMS, PCI DSS (though certifications aren’t mandatory)
  • NIST cybersecurity framework knowledge desired

Additional Job Requirements and Considerations:

  • Candidates should be willing to relocate to Bangalore.
  • Diversity candidates and PWD (Persons with Disabilities) candidates are encouraged.
  • 15+ years of education mandatory (12th + 3 years graduation minimum)
  • Bangalore office-based role, no remote work option
  • Don’t share SOC/L1/L2 support profiles.
  • Don’t share Network Engineer profiles.
  • TPRM (Third-Party Risk Management) profiles are acceptable.


Required Qualification

Any Graduate



About the company

HiringHouse stands out as India’s premier work-as-a-service platform, dedicated to streamlining enterprise operations on a significant scale. With our innovative mobile-centric approach and a vast community of over 1 million gig partners spread across 8,000+ pin codes in India, we empower enterprises to seamlessly manage and execute core business functions with a sharp focus on desired outcomes.

Industry

Information Technology & ...

Company Size

11-50 Employees

Headquarter

Bhubaneswar