KPMG Hiring For Technology Information Security GRC Senior at Gurugram Full Time

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Key Job Responsibilities:

I.InfoSec Governance role:

.Coordinate with various stakeholders at various office locations across India to ensure compliance and facilitate internal and external audits related to Information Security and Data Privacy, like ISO 27001:2013 and ISO 27701:2019, as well as ITGC (IT General Controls) for applications.

.Facilitate and liaise with various stakeholders to close all audit findings within time

.Undertake periodic compliance reviews of all InfoSec controls against defined policies. Provide periodic status reports to the management on the compliance status of the firm.

.Drive the remediation of control deficiencies

.Develop recommendations and strive for continuous improvement of InfoSec controls environment in the organization

.Assist in designing and establishing new security frameworks for various operational processes

.Responsible for keeping updated the ISMS policy/ procedure documents of the firm, after periodic review or any major changes in processes, and maintain an up-to-date repository of documents

.Assist in implementation/ enforcement of the security policy/ procedures across the firm

.Lead the information risk assessment across the organization

.Drive InfoSec awareness program across the firm through trainings, awareness mailers, other channels, etc.

.Assist in security process automation initiatives, wherever possible

.Undertake annual Business Impact Assessment (BIA) exercise for IT business continuity, with various functions for identification of critical applications and their RTO/ RPO. Facilitate setup of new applications in IT Disaster Recovery (DR) site. Ensure and facilitate annual IT DR drills.

II.Data Governance role:

.Rollout enterprise-wide data retention and disposal framework, through implementation of organization policies, processes, related tools and data architecture, to ensure that the data beyond a defined time (which is no longer in use) is disposed of.

.Assist in implementation of retention & disposal framework across IT applications (on prem and on cloud) and end user systems (structured and unstructured data).

.Serve as a liaison between business/ functional teams and IT teams to ensure that data retention framework requirements are met

.Ensure data availability as per the firm’s policy/ requirements – online, archival, backup and redundancy

.Liaison with the IT Infra team to ensure that the required Infra and architecture is maintained to support the above requirements

.Prepare and present periodic status reports/ updates to CISO, CIO and other senior management/ stakeholders

.Help drive continuous improvement and optimization of the processes. Assist in streamlining the related operational processes through automation initiatives.

Skill Requirements:

• Bachelor’s Degree in IT or cyber security or a related field required Master’s would be a plus
• Min. 2 years relevant experience (mandatory) of working in cyber security/ information security/ ISMS implementation or sustenance role
• In-depth knowledge (mandatory) of ISO 27001 standard and control requirements
• Knowledge of Data Privacy/ GDPR concepts and controls would be an added advantage
• Experience of performing InfoSec compliance reviews/ gap assessments.
• Prior experience of facing or being part of internal/ external audits related to ISMS or IT General Controls (ITGC) testing
• Strong understanding of IT Infra (mandatory) – storage/ databases, servers, VMs, network components and data structures
• Understanding of structured and unstructured data types
• Conceptual knowledge of data discovery, data retention & disposal, data lifecycle, etc. would be a plus
• CISA, CISSP, CISM, or any other certification related to ISMS/ Information Security would be a plus
• Knowledge of security related technologies (e.g. IDAM, PAM, Patch Management Tools, DLP, Antivirus, Firewalls, etc.)
• Exposure to, or at least a conceptual knowledge of, cloud environment security and VA/PT
• Experience of dealing with all levels of management and across different teams/ multiple stakeholders across regions and managing conflicts
• Excellent written & verbal communication, and PPT making skills
• Highly independent, with high ethical standards and integrity
• Excellent interpersonal and relationship building skills
• Working knowledge of SharePoint would be good to have