Posted By

Shubham

Executive at KPMG Global Services

Last Login: 08 November 2021

200

JOB VIEWS

45

APPLICATIONS

39

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

823388

KPMG - Manager - IT Security Review

10 - 13 Years. Bangalore
Women candidates preferred
Posted 3 years ago

Security Review Manager


Narrative:


- This role is responsible for performing IT security risk assessments, information security assessments and third-party security assessments, and for ensuring that appropriate security controls are implemented in alignment with security-related project objectives and timelines.

- Liaise with IT and other representatives of assigned business functions to ensure that project pipelines are understood and that project priorities are reflected in IT Risk & Security's resource planning

- Function as a subject matter expert in several IT security domains (e.g. access control, cryptography, monitoring, etc.)

- Continuously improve the security aspects of operating processes

- Perform information security risk assessments of technology enabled projects. Activities include vendor reviews, security requirement definition, facilitation of security testing and management of residual risk

- Advise and assist project teams regarding compensating control alternatives where security requirements cannot be met

- Act as the primary point of contact between IT project teams and IT Security groups to ensure that appropriate security resources are scheduled, and that security-related project objectives and timelines are met

- Perform Vendor Security assessments. Activities include evaluation of vendor controls and practices, process enhancements, reviewing security test reports and analyzing and developing security requirements.

- Communicate and track remediation plans with all stakeholders and where applicable recommend mitigating/compensating controls.

- Manage and track residual-risk documentation in GRC (Governance, Risk and Compliance) applications like Archer

Skills:

(Below are the mandatory skills)

- Function as a subject matter expert in several IT security domains (e.g. access control, cryptography, monitoring, etc.). Understanding of security principles, IT security controls and related technologies and products

- Excellent verbal/written communication, collaboration, analytical and presentation skills to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize and support an environment driven by customer service and teamwork. Strong troubleshooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.

- Stay abreast of the latest information security regulatory requirements, technologies, controls, practices, techniques and threats. Examples:

- Experience with securing cloud environments

- Knowledge of security solutions such as: Authentication solutions (Active Directory, LDAP, Okta, or other access broker), Intrusion Detection Devices (IDS), firewalls, load balancers, proxies, DLP, Qualys, CarbonBlack, Symantec CCS.

- Knowledge of common application vulnerabilities such as Injection flaws, Cross-site scripting, broken authentication, etc.

- Familiarity with security standards such as NIST 800 series, ISO 27000, PCI-DSS, HIPAA

Certifications: (ISC)2 Certified Information System Security Professional (CISSP, CCSP or CCSK) - Preferred

Educational Criteria: BTech /BE/ MCA
