KPMG Cyber
KPMG has been acknowledged by Forrester as a leader in the provision of cybersecurity consultancy. We are investing in expanding our cyber consulting team to meet a growing demand and provide a comprehensive range of services to many of the largest companies in the world.
We help our clients protect, detect and respond to complex cyber threats; helping them understand the cyber threat landscape, make sensible decisions on investment priorities, and build out the specialist capabilities they need to counter financial crime and other threats.
We believe that cyber security is about helping our clients to harness business opportunities safely and securely. For us, cyber security isn’t just a technical issue, but one that engages the whole business and focuses on a holistic approach to understanding and mitigating the risk.
Our team works closely with KPMG’s broader advisory practice to link cyber security to IT transformation and operational resilience.
The Role
You will be a Security Architect within the Cyber Transformation capability, helping to deliver high-quality consulting services to clients.
The ideal candidate will bring deep hands-on experience in securing on-premise/on-cloud environments, network infrastructure, and endpoints, along with the ability to assess and design secure enterprise and hybrid architectures. You should expect to be involved in a wide range of challenging engagements helping our clients to understand how to harness digital opportunities safely and securely. As a Security Architect you will be advising clients on managing security risks in traditional, hyper-virtualized or cloud environments; assessing and advising on security architectures; delivering automation of security controls and risk reporting; implementing and integrating security into digital customer journeys.
Our clients are under regulatory scrutiny but are also continually battling to match a rapidly changing cyber threat landscape while harnessing the opportunities offered by digital services. We expect you to understand the world of our clients and the complexities of modern technologies, and to be able to translate complex cybersecurity issues into straightforward, credible, jargon-free advice to our clients, while making sure we can deliver the support they require.
If you can help our clients seize the opportunity offered by the digital world, and do so in a secure way, then you are the type of person we are looking for.
Responsibilities
Delivery of client engagements to ensure quality and value to our clients by:
- Understanding their business challenges and the Cyber threats they face
- Helping them navigate the increasingly complex cybersecurity regulatory environment.
- Advising on digital and technical aspects of cyber security governance, frameworks, and operating models
- Helping them optimize their approach to digital and technical cyber security controls and risk management
- Using security architecture principles, blueprints and industry-recommended approaches in defining the cyber security transformation journey
- Assessing and designing layered security controls across the IT architecture stack, including data center, server, storage, network components and on-cloud hosting.
- Translating business and regulatory requirements into technical security controls and architectural guidance.
- Conducting security architecture assessments in domains such as DevOps, encryption, network segmentation reviews, firewall and IDS/IPS rule analysis, endpoint, and others.
- Advising on the adoption of Zero Trust principles, particularly for infrastructure and network security zones.
- Linking cyber security to other consultancy offerings on risk management, resilience and IT transformation to provide holistic support to our clients.
- Conducting a current-state maturity assessment of the Security Operations Center in alignment with the SOC-CMMI model.
- Delivering small-/medium-sized engagements and participating as a team member in large-scale engagements.
- Developing an understanding of KPMG’s broader offerings to enable identification of business opportunities.
- Supporting with presales and business development activities
- Developing constructive client relationships, both inside and outside of KPMG
- Building out and maintaining a professional network
- Being a trusted advisor and a role model for quality and risk management practices
- Upholding KPMG’s values by acting with integrity.
The Person
- Track record within the industry showing an understanding of the business, threat and regulatory issues faced by clients (essential)
- Proven experience of understanding and managing aspects of cyber risk, including the assessment, analysis and reporting of cyber risk in a business context
- Proven knowledge and experience in delivering one or more of the following areas: security architecture (enterprise architecture, infrastructure, or application architecture), cloud security (assessments, privacy and regulatory risks, security frameworks and controls), DevSecOps methodology and tools, security configuration assessments, Identity and Access Management (IAM) concepts, security operations designs, etc.
- Proven experience in defining and/or implementing security controls across multiple layers of the IT architecture stack.
- Demonstrated expertise in designing, operating, and evaluating next-gen Cyber Security Operations Centers.
- Proven experience in designing and implementing security controls across traditional data center environments (e.g., VLANs, firewalls, proxies, NAC, VPNs).
- Proven experience in enterprise architecture practices and integration of legacy systems with modern controls.
- Proven experience in delivering cybersecurity services in a commercial environment
- Proven experience in delivering security in one or more of the following cloud service provider environments: Microsoft Azure, Amazon Web Services (AWS), Oracle Cloud Infrastructure (OCI)
- Proven ability to deliver work at sustained levels of high intensity, and inspire drive and resilience in others
- Proven ability to analyze problems, identify core issues and recommend appropriate solutions
Qualifications and Skills:
- Degree level qualified
- Cloud certifications (e.g. MS Azure and AWS Certification, etc.)
- Recognized cyber security qualifications (e.g., CISSP, CISM, etc.), or comparable experience.
- Recognized architecture qualifications (e.g., SABSA, TOGAF, etc.) (preferable)
- Vendor Specific Certifications such as NSE-8, CCIE, PCNSE and others.
- Excellent communication skills (both written and oral)
- Ability to interact with organizations at a senior level.