Senior Consultant, Information Risk Management, IT Audit - Cyber Security
KPMG
Hong Kong, Hong Kong
2 days ago
Responsibilities
Conduct IT Security audits against industry security standards and practices (such as HKMA C-RAF, ISO / IEC 27001, SOC2 TSC, PCI-DSS, US NIST SP 800-53, CIS Critical Controls).
Review IT Security audit findings, providing observations and recommendations to improve audit client's IT Security practices and procedures.
Evaluate audit client's IT Security governance and practices and provide recommendations to improve IT Security governance and to mitigate IT Security risks impacting our audit.
Plan and execute IT Audit day-to-day activities as part of a broader audit team, while focusing on IT Security specific aspects of our audit.
Complete tasks and deliverables to a high-quality standard as part of the audit engagements
Keep senior IRM members informed of significant developments and progress on the engagement
Help identify performance improvement opportunities for assigned clients
Conduct fieldwork to ensure we deliver value-added services to clients
Develop internal networks and maintain excellent relationships with colleagues across KPMG, in particular in the wider Consulting, Audit and Advisory areas
Contribute to a collaborative culture encouraging constructive working relationships with the audit team and others
Qualifications
2 years of direct work experience in a technical environment
University degree in the field of computer science / technology management and / or 2+ years related work experience
Certifications in Cyber Security and / or Technology fields a plus
Familiarity with security audit and / or standard audit practices
Ability to conduct technical security audits for complex information systems
Ability to analyse information systems and technical specifications against defined security control standards and identify deficiencies and remediation strategies
Experience with network security, vulnerability management, incident response
General knowledge of network and security system functionality (firewall, ACL, VLAN, TCP / IP, PKI, VPN Tunnelling, proxies, DNS, CDN)
Familiarity with the latest security software, encryption and related solutions such as WAF, MFA, SOC, NDR, NAC, MDM, SIEM, DLP, etc.
Familiarity with industry security standards such as HKMA C-RAF, ISO / IEC 27001, SOC2 TSC, PCI-DSS, US NIST SP 800-53, CIS Critical Controls, etc. a plus
Ability to deliver work within tight timelines, on budget and at a high level of quality
Strong teamwork ability and able to work independently
Strong understanding of audit and documentation requirements