Assistant Manager - Info Sec and Tech Risk Assessments

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. 

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Experience: Minimum 10 years' experience in information security
Responsibilities:

• Conduct threat modeling and risk assessments to evaluate potential security risks associated with the organization
• Provide guidance on risk remediation strategies and the implementation of countermeasures to address identified security risks
• Ensure GDPR & PCI-DSS compliance across all areas of the organization
• Work with the development team to ensure compliance with SDLC lifecycle and secure coding practices
• Lead encryption efforts and disable deprecated protocols to maintain data security while in transit or at rest
• Incorporate NIST framework into the organization's security practices and stay up-to-date with the latest controls
• Review penetration testing reports, static and dynamic application security testing results, SaaS platforms, Azure Defender reports, and third-party application integration risks to identify vulnerabilities and evaluate overall security posture
• Provide expertise in security and network architecture and design
• Create comprehensive data flow diagrams to identify potential threats and identify areas for improvement
• Evaluate cloud security posture and provide recommendations to enhance overall security
• Continuously identify potential flaws in the entire architecture and implement security controls and practices to prevent future breaches

Equal employment opportunity information 

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.
Requirements:

• Bachelor's degree in Computer Science, Information Technology, or related fields
• 10+ years of experience in information security or related fields
• Strong understanding of GDPR & PCI-DSS requirements
• Experience with threat modeling, risk assessment, and remediation
• Familiarity with secure application development principles and secure coding practices
• Experience with identity and access management (IAM) solutions and authentication protocols such as SAML, OAuth, and OpenID Connect
• Understanding of network security protocols such as TCP/IP, DNSSEC, SSL/TLS, IPSec, and firewalls
• Experience in encryption technologies and protocols for data security
• Knowledgeable in NIST framework controls
• Strong analytical and problem-solving skills
• Expertise in security architecture and network design
• Proficiency with creating detailed data flow diagrams
• Familiarity with cloud security trends and best practices
• Experience with DevOps and CI/CD pipelines and creating a DevSecOps culture
• Excellent communication and interpersonal skills
• Professional Certifications: CISSP, CCSP, CCSK, CEH