Senior - IT Audit

Gurgaon, Haryana, India

KPMG India

Welcome to KPMG International.

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. 
KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term.

Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements include IS audits, SOX reviews, internal audit engagements, IT infrastructure reviews and/or risk advisory, including but not limited to IT audit support.

Requirement


Seeking a highly skilled Cyber Security Auditor with expertise in auditing cyber security processes, risks and controls. The role requires a strong understanding of industry frameworks such as NIST (e.g., NIST CSF, NIST 800-53) and hands-on experience in assessing cybersecurity risks, governance controls, and technical security measures. This role involves validating control effectiveness and performing closure verification/issue validation to strengthen cyber security posture. The auditor will conduct assessments of cyber security risk and controls across network security, application security, vulnerability management, and governance controls.


Responsibilities for Internal Candidates


• Perform closure verification and issue validation for security findings, ensuring remediation aligns with risk reduction objectives.
• Evaluate vulnerability management programs, patch management processes, and threat intelligence integration.
• Review and test governance controls related to cyber security policies.
• Strong understanding of NIST frameworks (CSF, 800-53), ISO 27001, CIS Controls, and regulatory requirements.
• Technical expertise in network security, firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM tools, and endpoint security.
• Hands-on experience in application security, vulnerability management, patch management, and security monitoring.
 

Qualifications for Internal Candidates 


• Strong knowledge of network protocols (TCP/IP, HTTP, SSL/TLS, DNS, VPN, etc.) and secure configurations.
• Familiarity with cloud security controls (AWS, Azure, GCP) and DevSecOps principles.
• Professional certifications such as CISA, CISSP, CISM, CRISC, CEH, or GIAC certifications (GCIH, GCFA, GPEN) are highly desirable.
• Stay up to date with emerging cyber threats, attack techniques, and regulatory requirements impacting security controls.

Equal employment opportunity information:

 

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

 


Region: Asia/Pacific
Country: India
