KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune and Vadodara.
KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed and technology-enabled services which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
IT Advisory Risk Consulting IT Audit & Assurance
KPMG's IT Advisory Risk Consulting team is looking for Associate Consultants/ Consultants/ Assistant Managers to join their IT Audit & Assurance team in Bengaluru. The team provides independent assurance on controls in place across clients' IT environment and ways to mitigate technology risks.
Following are some of our key solution offerings:
Risk Based IT Internal Audit
IT SOX 404 Controls Testing Quality Assurance
Internal Financial Controls related to IT General Controls
IT General Controls as part of Financial Statements Audits
IT Risk & Control Self-Assessment
Business Systems Controls / IT Application Controls
Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc.
IT Attestation (SOC1/SOC2/ISAE 3402, ISAE 3000 etc.)
Third Party/Vendor Risk Assessments
Position: Consultants/ Assistant Managers
Location: Bengaluru
Industry Experience:
Plan, budget and execute the day-to-day activities of infrastructure audit engagements for clients.
Assess clients' security landscape; assess, evaluate and recommend the most suitable security solution tools & techniques to create a threat-resilient landscape using KPMG differentiated approach and methodologies. Provide security concept, framework & standards for development & support client teams for the solution design, customization, build and roll out to end users.
Perform a holistic security risk assessment of the client's IT landscape, taking various assets, threats, vulnerabilities, business impact & legal aspects into consideration. Design and implement controls to mitigate identified risks through lucid communication to client stakeholders. Effective persuasive/convincing abilities while communicating gaps detected during audits, risk assessments and attestation engagements.
Collaborate with other practice groups to review the effects of new threats and vulnerabilities in the security space to assess, remediate, test and protect client application artefacts, data and enterprise ecosystems from threat vectors as they emerge.
Work with other technology groups to provide cohesive solutions in risk assessments, financial statement audits and attestation engagements, encompassing network architecture, application, database standards and implementation-related mandates for development, deployment and maintenance.
Manage teams delivering co-working discovery workshops & support delivery teams to provide assessment, remediation, testing and standards refresh for the application security practice.
Present and distill complex security solutions into simple, easy-to-understand concepts for both technical and non-technical audiences, especially in the context of opportunity pursuit.
Drive Innovation through Offerings: Drive profitable growth through the of the strategy and the strengthening of the audit and assurance practice
Build innovative & collaborative solutions to bring combined offerings, such as security-related combinations with J2C, API, Data security as advisory & footprint, to capture opportunities & illustrate convergence.
Bring the audit and assurance practice to life to achieve sales and commercial opportunities in a collaborative ecosystem and follow through with support for cost effective high quality .
Additional Responsibilities for Assistant Managers:
Supervise associates and interns on engagements.
Serve as a liaison between financial services clients and upper management.
Establish and sustain long-term, profitable client relationships that drive value creation, delivery excellence and a positive client work environment.
Work with the client to minimize delivery disruptions and effectively manage client urgencies.
Engineering / MBAs with at least 6 years of experience.
3 years of experience with hands-on exposure to Infrastructure / Mobile / Web application security spanning across various technologies.
Working level familiarity with advanced security assessment concepts including but not limited to Malware analysis, OT/ICS security, Cloud security, security in IoT, Blockchain, RPA and emerging technologies etc.
Working level familiarity with Static and Dynamic Analysis tools (SAST, DAST, IAST). Ability to manage deployment & use of OWASP tools and methodologies.
Ability to elucidate vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, SANS Top 25 and CWE 25 to client IT/ISO audiences and discuss effective defensive techniques.
Comprehensive understanding and previous oversight of IT hardware, software, networking, databases, API services, J2C, storage, licensing and related hosting needs.
Infrastructural configuration reviews to identify the security-related gaps within the IT environment.
Preference would be given to significant experience in relevant technical knowledge: (a) financial statement IT Audits; (b) IT internal or IT operations audits; (c) IT SOX engagements; (d) Emerging Technology Risks; (e) Data Privacy and PCI DSS risks.
Good to have add-on skills: Working level familiarity with relevant vulnerability scanning tools (e.g. Qualys, Nessus, Nexpose, Saint or any other open source tools). Working level familiarity with web application vulnerability scanning tools (e.g. IBM AppScan, HP Fortify, Acunetix, NTO Spider, Burpsuite Pro or any other open source tools) and SIEM tools (SolarWinds, Splunk, LogRhythm, IBM QRadar).
Ability to understand/identify best practices for infrastructure, process and controls.
CISA, CISM, CISSP, CRISC, TOGAF certifications would be an added advantage.
Prior experience in client facing / account management roles.
Possess strong domain knowledge, understanding of IT processes supporting business and possible risks in operations of at least two industry sectors.
Demonstrate integrity, values, principles and work ethic and lead by example.
Selection Process
Candidates should expect 2-3 rounds of personal or teams interviews to assess fitment and communication skills.
What is expected of you
Speak to the candidate and ascertain interest and fitment.
Mail your referrals to Sushma Singh with the subject line "KPMG India IT Advisory Bangalore". At the same time, all employees can refer a candidate through the Global Applicant Tracking System (ATS) on the Careers Page and tag their resumes to vacancy.
The employee needs to direct the candidate he/she is referring to register their candidature on the Careers webpage. The mandatory fields must be completed for the application to be submitted.
During the registration process, the candidate will be asked for the source of referral, which includes the name and KPMG email ID of the referrer. This must be furnished by the candidate to validate the referral.
Candidates who have been interviewed in the last 6 months need not apply again.
Once the application is submitted, the referrer will get the form known as the Referrer Verification Form, which they will have to fill and send back to the email ID they received it from.
Please refer candidates whom you know personally and can vouch for.
Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.
Required Experience:
Manager
Full-Time