Job Description
KPMG
IT Audit (Risk Assessment)
Full-Time
Bengaluru, India.
KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara.
KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
Any Degree
Freshers
IT Advisory Risk Consulting – IT Audit & Assurance
KPMG’s IT Advisory – Risk Consulting team is looking for Associate Consultants/ Consultants/ Assistant Managers to join their IT Audit & Assurance team in Bengaluru. The team provides independent assurance on controls in place across the client’s IT environment and on ways to mitigate technology risks.
Following are some of our key solution offerings:
• Application/Infrastructure Risk Assessments
• Risk Based IT Internal Audit
• IT SOX 404 Controls Testing, Quality Assurance
• Internal Financial Controls related to IT General Controls
• IT General Controls as part of Financial Statements Audits
• IT Risk & Control Self-Assessment
• Business Systems Controls / IT Application Controls
• Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc.
• IT Attestation (SOC1/SOC2/ISAE 3402, ISAE 3000 etc.)
• Third Party/Vendor Risk Assessments
Position: Consultants/ Assistant Managers
Location: Bengaluru
Responsibilities
Industry Experience:
• Plan, budget and execute the day-to-day activities of infrastructure audit engagements for clients.
• Assess the client’s security landscape; evaluate and recommend the most suitable security solutions, tools & techniques to create a threat-resilient landscape using KPMG’s differentiated approach and methodologies. Provide security concepts, frameworks & standards for development, and support client teams in solution design, customization, build and roll-out to end users.
• Perform a holistic security risk assessment of the client’s IT landscape, taking various assets, threats, vulnerabilities, business impact & legal aspects into consideration. Design and implement controls to mitigate identified risks, with lucid communication to client stakeholders. Effective persuasive/convincing abilities while communicating gaps detected during audits, risk assessments and attestation engagements.
• Collaborate with other practice groups to review the effects of new threats and vulnerabilities in the security space to assess, remediate, test and protect client application artefacts, data and enterprise ecosystems from threat vectors as they emerge.
Engineering / MBAs with at least 5+ years of experience
• 3+ years of experience with hands-on exposure to Infrastructure / Mobile / Web application security spanning various technologies.
• Working-level familiarity with advanced security assessment concepts, including but not limited to malware analysis, OT/ICS security, cloud security, security in IoT, Blockchain, RPA and emerging technologies, etc.
• Working-level familiarity with Static and Dynamic Analysis tools (SAST, DAST, IAST). Ability to manage deployment & use of OWASP tools and methodologies.
• Ability to elucidate vulnerabilities and weaknesses in the OWASP Top 10, WASC TC v2, SANS Top-25 and CWE25 to client IT/ISO audiences and discuss effective defensive techniques.
• Comprehensive understanding and previous oversight of IT hardware, software, networking, databases, API services, J2C storage, licensing and related hosting needs.
• Infrastructure configuration reviews to identify security-related gaps within the IT environment.
• Preference would be given to significant experience in relevant technical knowledge: (a) financial statement – IT Audits; (b) IT internal or IT operations audits; (c) IT SOX engagements; (d) Emerging Technology Risks; (e) Data Privacy and PCI-DSS risks.
• Good to have, add-on skills: working-level familiarity with relevant vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, SAINT or any other open source tools), web application vulnerability scanning tools (e.g. IBM AppScan, HP Fortify, Acunetix, NTO Spider, Burp Suite Pro or any other open source tools), and SIEM tools (SolarWinds, Splunk, LogRhythm, IBM QRadar).
• Ability to understand/identify best practices for infrastructure processes and controls.
• CISA, CISM, CISSP, CRISC, TOGAF certifications would be an added advantage.
• Prior experience in client-facing / account management roles.
• Strong domain knowledge and understanding of the IT processes supporting business and the possible risks in operations of at least two industry sectors.