Tech Risk & Third Party Risk Management

Function: IT Advisory

>> About KPMG in India

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Our professionals provide the experience to help companies stay on track and deal with risks that could unhinge their business survival. Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges and working in partnership with us, clients have the benefits of KPMG's experienced, objective, and industry-grounded viewpoints.

>> Job DesCRIPTION

=> Tech Risk and Regulatory compliance+ TPRM

-Technical

• Expertise in IT internal audit, Information Security/cybersecurity, IT SOX, Third Part Risk Assessment Reporting e.g., SOC1, SOC 2.
• Relevant expertise on CSA STAR requirements, ISO control, NIST Standards, PCI DSS and GDPR requirements.
• Experience in performing control testing, IT / infosec risk assessments, network security, Infrastructure assessments.
• Knowledge of technical domains such as cloud security and application security.
• Certification: CISA, CISSP, CEH, ISO, PCI DSS, NIST
• Having worked on Information Technology Risk Assessment areas such as – iSO27001, PCI-DSS, COBIT, etc.
• Knowledge and experience on Regulatory assessments for BFSI (E.g. RBI, SEBI guidelines based review). Global guidelines knowledge an advantage.
• Experience of handling IT audits and reviews – IT general Controls and IT Application Controls
• Good understanding of technology risk management concepts – Risk control matrix, threat assessment, risk appetite, risk quantification etc.
• Certification of CISA, CISSP, ISO27001 is added advantage.

-Soft Skills

• Good presentation and report writing skills is mandatory.
• Excellent communication skills and confident demeanor
• Experience of working with client stakeholders
• Good problem-solving skills.