At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.
We are seeking Cybersecurity Strategy, Governance & Risk specialist to join our Technology Consulting practice. This role focuses on managing topical cyber security issues for our clients by helping them in identifying cyber security risks within the organization and defining strategy as well as designing controls to address the risk.
Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.
Job Responsibilities: • Support Cybersecurity engagements across the full set of capabilities at KPMG, including security strategy, policy and architecture, information privacy and governance, certification and compliance, business and technology resilience and security testing. • Deliver Cybersecurity Maturity Assessments and Cybersecurity Control Gap Remediation (covering the design and implementation of controls to address the people, process and technology risks) projects. • Perform Cybersecurity Maturity Assessments by assessing cyber risk factors across 6 functional domains -Leadership & Governance, Human Factors, Information Risk Management, Business Continuity, Technology & Operations, Legal & Compliance. • Assess the IT architecture -application, database, operating system, hardware platforms (including web and mobile) and network infrastructure -for vulnerabilities to cyber-attacks. • Communicate technical issues in business terms and deliver value using a pragmatic approach to the technical components of Cybersecurity. • Design and implement processes for Identity & Access Controls, Cyber Incident Management, Intrusion Detection, Threat Intelligence, Cyber Data Analytics, Security Monitoring, etc. • Assist in continuously enhancing the existing cyber assessment methodologies. • Develop marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients. • Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements. • Build and maintain relationships with existing and prospective clients, and develop / improve your network of business contacts. • Assist with scoping prospective engagements and developing proposals.
Qualifications and Skills: • Professionally qualified preferred (e.g. CISSP, CRISC, CISA, CISM, PMP or other relevant qualifications) • Any degree in technology, engineering, or business studies with information systems major/minor from an accredited college / university along with deep interest in technology risk, security and IT governance will be considered • Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese) • Strong interpersonal skills with a demonstrated ability to gain the confidence and respect of senior level executives • Strong client services orientation and accustomed to taking an active role in executing client engagements • Strong analytical skills and the ability to develop thought leadership publications
Experience: • Minimum 2 years of relevant experience for Senior Consultant. Candidates with less experience (fresh graduates to 2 years of relevant experience) will be considered for Consultant • Prior consulting experience in information security preferred, ideally within a professional services environment or internal consultancy function delivering cyber security related services • Strong knowledge of enterprise technologies, especially networking principles and internet-based technologies, with self-motivated learning ability • Strong knowledge of internet application security, including common internet application vulnerabilities and network architecture to support internet applications • Strong knowledge base in operations, enterprise networking, operating systems and database security evaluation and architecture • Knowledge of IT security vendor products is an advantage • Experience in financial services is preferred