KPMG - Manager - Cyber Security (8-12 Yrs) Mumbai (Others) by KPMG

XpatJobs (November-2017 से पंजीकृत) ने 11 दिन पहले इस नौकरी को पोस्ट किया था

Job Description : - Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables.
-Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status.
-Risk Assessment, identification and Evaluation of Controls, capturing the same in Risk Control Matrix.
-Perform testing of IT Security Application Controls and Interface Controls, IT General Control review, Change Management, Access Control, Business Continuity and Disaster Recovery - Perform business process walkthrough and controls testing for ISAE 3402/SSAE 18 engagement.
-Performing SOC 1, SOC 2 review for clients - Use knowledge of the current IT environment and industry IT trends to identify the engagement and client service issues, and communicate this information to the project manager.
-Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables.
-Demonstrate a thorough understanding of complex information systems and apply it to client situations.
-Use extensive knowledge of the clients business/industry to identify technological developments and evaluate impacts on the work to be performed.
-Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding projects progress.
-Monitoring and Tracking for Budget and Time Estimates on engagements. Main Skill Set : - Effective and efficient response to Cyber Incidents - Forensic Analysis and Detailed Investigations - Incident Response readiness Planning (Simulation, Tabletop exercises, Playbooks, Training and Awareness) - Cyber Incident Investigation and remediation (Retainership, on-call services) - Threat Intelligence collection - Data breach remediation - 8 years of experience with hands on exposure to Infrastructure / Mobile/ Web application security spanning across various technologies.
-Comprehensive understanding and working level familiarity of advanced security assessment concepts, including but not limited to - Red Team Assessments, Cyber Drills, Table-Top exercise, Spear Phishing and Vishing attack scenarios, Malware analysis, OT/ICS security, Cloud security, security in IoT and emerging technologies etc.
-Working level familiarity with Static and Dynamic Analysis tools (SAST, DAST, IAST).
-Ability to manage deployment use of OWASP tools and methodologies.
-Working level familiarity with relevant vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint or any other open source tools).
-Working level familiarity with web application vulnerability scanning tools (e.g. IBM AppScan, HP Fortify, Accunetix, NTO Spider, Burpsuite Pro or any other open source tools).
-Ability to elucidate vulnerabilities and weaknesses in the OWASP Top10,WASCTCv2, SANS Top-25 and CWE25 to client IT/ISO audiences and discuss effective defensive techniques.Comprehensive understanding and previous oversight of IT hardware, software, networking, databases, API services, J2C and related hosting needs. Responsibilities : - Assess clients security landscape, assess, evaluate and recommend most suitable security solution, tools techniques to create a threat resilient landscape using KPMG differentiated approach and methodologies.
-Provide security concept, framework standards for development support client teams for the solution design, customization build and roll out to end users.
-Collaborate with other practice groups to review the effects of new threats and vulnerabilities in the security space to assess, remediate, test and protect client application artefacts, data and enterprise ecosystems from threat vectors as they emerge.
-Work with other technology groups to provide cohesive solutions in Network and application Security encompassing architecture, standards and implementation related mandates for development, deployment and maintenance.
-Manage teams delivering co-working discovery workshops support delivery teams to provide assessment, remediation, testing and standards refresh for the application security practice.
-Present and distill complex Security solutions into simple, easy to understand concepts for both technical and non-technical audiences especially in the context of opportunity pursuit. Drive Innovation through Offerings : - Drive profitable growth through the execution of the strategy and the strengthening of the cyber security practice - Building innovative collaborative solutions to bring combined offerings such as security related combinations with J2C, API, Data security as advisory execution footprint to capture opportunities illustrate convergence - Bring the cyber security practice to life to achieve sales and commercial opportunities in a collabor...

Required Skills : English