KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to the back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response, so that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way. Our wide range of projects includes Cyber Strategy, Governance & Risk, as well as a growing presence in Attack & Penetration Testing and Ethical Hacking. We are keen to speak with cyber security specialists with varied expertise and experience to join our growth story.
Responsibilities:
- Support information security engagements including security strategy, policy and architecture, information privacy and governance, certification and compliance, business and technology resilience and security testing.
- Communicate technical issues in business terms and deliver value using a pragmatic approach to the technical components of information security.
- Deliver Cybersecurity Maturity Assessments and Cybersecurity Control Gap Remediation (covering the design and implementation of controls to address the people, process and technology risks) projects.
- Perform Cybersecurity Maturity Assessments by assessing cyber risk factors across 6 functional domains - Leadership & Governance, Human Factors, Information Risk Management, Business Continuity, Technology & Operations, Legal & Compliance
- Identify and communicate engagement findings to senior management and client personnel
- Develop marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients
- Build and maintain relationships with existing and prospective clients, and develop / improve your network of business contacts
- Assist with scoping prospective engagements and developing proposals
- Take an active role in KPMG's global community of security professionals, assist with research into vulnerabilities and develop our ability to perform security engagements
- Bachelor's degree in Computer Science or a related discipline
- CISSP, CISA and / or CISM certification preferred, and accreditation for an industry penetration testing certification preferred (e.g. GPEN or CEH)
- Minimum of five years' experience in information security, ideally within a professional services environment or internal consultancy function delivering cyber security related projects
- Strong knowledge of internet application security, including common internet application vulnerabilities and network architecture to support internet applications
- Strong knowledge base in operations, enterprise networking, operating systems and database security evaluation and architecture
- Experience with security testing tools is an advantage
- Knowledge of IT security vendor products is an advantage
- Experience in financial services is preferred
- Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
- Strong interpersonal skills with a demonstrated ability to gain the confidence and respect of senior level executives
- Strong client services orientation and accustomed to taking an active role in executing client engagements
- Strong analytical skills and the ability to develop thought leadership publications