Senior Consultant, Information Risk Management, IT Audit - Cyber Security
KPMG
Hong Kong, Hong Kong
2 days ago

Responsibilities

  • Conduct IT Security audits against industry security standards and practices (such as HKMA C-RAF, ISO / IEC 27001, SOC2 TSC, PCI-DSS, US NIST SP 800-53, CIS Critical Controls).
  • Review IT Security audit findings, providing observations and recommendations to improve audit client's IT Security practices and procedures.
  • Evaluate audit client's IT Security governance and practices and provide recommendations to improve IT Security governance and to mitigate IT Security risks impacting our audit.
  • Plan and execute IT Audit day-to-day activities as part of a broader audit team, while focusing on IT Security specific aspects of our audit.
  • Complete tasks and deliverables to a high-quality standard as part of the audit engagements
  • Keep senior IRM members informed of significant developments and progress on the engagement
  • Help identify performance improvement opportunities for assigned clients
  • Conduct fieldwork to ensure we deliver value-added services to clients
  • Develop internal networks and maintain excellent relationships with colleagues across KPMG, in particular in the wider Consulting, Audit and Advisory areas
  • Contribute to a collaborative culture encouraging constructive working relationships with the audit team and others

Qualifications

  • 2 years direct work experience in a technical environment
  • University degree in the field of computer science / technology management and / or 2+ years related work experience
  • Certifications in Cyber Security and / or Technology fields a plus
  • Familiarity with security audit and / or standard audit practices
  • Ability to conduct technical security audits for complex information systems
  • Ability to analyse information systems and technical specifications against defined security control standards and identify deficiencies and remediation strategies
  • Experience with network security, vulnerability management, incident response
  • Knowledge of emerging cyber security trends and threats (DoS / DDoS, phishing, ransomware, malware, SQL injection, zero-day exploits, cross-site scripting)
  • General knowledge of network and security system functionality (firewall, ACL, VLAN, TCP / IP, PKI, VPN Tunnelling, proxies, DNS, CDN)
  • Familiarity with the latest security software, encryption and related solutions such as WAF, MFA, SOC, NDR, NAC, MDM, SIEM, DLP, etc.
  • Familiarity with industry security standards such as HKMA C-RAF, ISO / IEC 27001, SOC2 TSC, PCI-DSS, US NIST SP 800-53, CIS Critical Controls, etc. a plus
  • Ability to deliver work within tight timelines, on budget and at a high level of quality
  • Strong teamwork ability and able to work independently
  • Strong understanding of audit and documentation requirements