Information Security Audit Specialist

OVERVIEW KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment

Responsibility :

Seeking a highly skilled Cyber Security Auditor with expertise in auditing cyber security Process, risks and controls. A strong understanding of industry frameworks such as NIST (e.G., NIST CSF, NIST 800-53) and hands-on experience in assessing cybersecurity risks, governance controls, and technical security measures. This role involves validating control effectiveness, performing closure verification / issue validation to strengthen cyber security posture. Key Responsibilities :

• Conduct assessments of cyber security risk and controls across network security, application security, vulnerability management, and governance controls. - Perform closure verification and issue validation for security findings, ensuring remediation aligns with risk reduction objectives. - Evaluate vulnerability management programs, patch management processes, and threat intelligence integration. - Review and test governance controls related to cyber security policies. - Strong understanding of NIST frameworks (CSF, 800-53), ISO 27001, CIS Controls, and regulatory requirements. - Technical expertise in network security, firewalls, intrusion detection / prevention systems (IDS / IPS), SIEM tools, and endpoint security. - Hands-on experience in application security, vulnerability management, patch management, and security monitoring. - Strong knowledge of network protocols (TCP / IP,

SSL / TLS, DNS, VPN, etc.) and secure configurations. - Familiarity with cloud security controls (AWS, Azure, GCP) and DevSecOps principles. - Professional certifications such as CISA, CISSP, CISM, CRISC, CEH, or GIAC certifications (GCIH, GCFA, GPEN) are highly desirable. - Stay up to date with emerging cyber threats, attack techniques, and regulatory requirements impacting security controls

Qualifications :

Equal employment opportunity information :

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex / gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.