Jobs at KPMG South Africa

Description of the role and purpose of the job:

• KPMG is currently seeking an Analyst to join our Cyber Security consulting and technology assurance practice. Cyber Security is a part of wider Technology Assurance practice.
• The cyber security analyst is responsible for assisting with scoping, planning and executing Cyber Security internal audit and consulting reviews for a variety of complex client environments.
• Experience in performing IT/ Cyber Security reviews at internal audit and advisory clients are advantageous.

Key Responsibilities

• Applying appropriate methodologies and skills to test general IT and cyber security controls in order to execute on a variety of cyber security related engagements
• Research and apply leading practices to aid clients in mitigating emerging cyber security risks
• Document working papers and reports in line with expected quality requirements
• Adherence to firm and professional risk and engagement management processes
• Develop internal and external client relationships.
• Client liaison and problem solving.
• Ability to identify and convert potential business development / sales opportunities.
• Reporting of findings to key stakeholders, as well as investigating mitigating controls and procedures for control deficiencies.

Skills and attributes required for the role:

Skills:

• Ability to collaborate, learn and work with cross functional teams.
• Time management, discipline, accountability, self-motivation and eagerness are vital skills
• Ability to build sound internal and external relationships
• Enquiring mind and maintaining professional scepticism
• Analytical, stable and logical thinker
• Excellent client relationship development skills
• Conflict resolution skills
• Ability to work under pressure
• Proficiency in documentation, report writing and documentation, including self-review.
• Ability to identify potential business development / sales opportunities.
• Ability to effectively interact with individuals at all levels of responsibility and authority.
• Strong administration, troubleshooting, prioritisation, and organizational skills and able to work on multiple projects simultaneously.

Personal attributes:

• Good communication, writing and interpersonal skills.
• Team player
• Ability to adapt, multi-task and work on multiple engagement simultaneously.
• Ability to work under pressure while still delivering high quality work.
• Social skills, willingness and experience in being a team player and dealing with people from a various backgrounds and areas across the company, but also possess the ability to work independently

Minimum requirements to apply for the role (including qualifications and experience):

• IT or Cyber Security-related Bachelor's degree from an accredited college/university or equivalent experience.
• One to three years of Cyber Security Audit and Consulting experience is advantageous.
• Industry certification highly desirable (CEH, PenTest+, Security+, etc)
• Experience with technical and governance aspects of Cyber Security
• Familiarity with leading cyber security-related frameworks and standards (ISO, NIST, ISF, etc) – as well as the practical application thereof.
• Experience in business development including proposal writing, budgeting etc
• Experience with Operation Technology (OT) cyber security advantageous.

go to method of application »

Description of the role and purpose of the job:

KPMG is currently seeking a Manager to join our Cyber Security consulting and assurance practice based in Johannesburg.

• The KPMG Cyber Security practice is one of our fastest growing units. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, world-class training and market leading tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Technology Assurance.

Working with KPMG you will consult on client projects, translating business and customer needs into innovative business and technology solutions. You will identify changes and recommend solutions that will typically involve a combination of cyber strategy and security excellence outcomes. You will be exposed to a range of exciting projects across industry sectors and service lines including:

• Driving the linkage between business strategy and cyber security (and vice versa), to deliver meaningful outcomes
• Defining the technology strategy to create new streams of value in a business, and defining associated technology execution roadmaps
• Designing innovative technology solutions for improving cyber security posture and advise on reducing cyber risk
• Identify and assist client in meeting compliance requirement for and through cyber security
• Working closely with the local team and member firms to bring innovation to our existing capabilities to help KPMG remain at the forefront of strategy, operational excellence and technology practices and thinking
• As part of the role you will be expected to have detailed knowledge of security technologies and their application to addressing business challenges. The focus will be on delivering high quality engagement outcomes for our clients and maintaining productive client relationships that allow you to build strong professional networks over time.
• We believe in diversity of thought background and unique experience. You need to have a solid background in technology as well as consulting. You're passionate about technology and innovation, finding novel approaches to solve problems. You thrive in a collaborative and innovative culture and want to join a firm that values problem solvers, the kind of people who reimagine the possible for their clients and key stakeholders.

We are looking for people in this role with a passion for and / or experience in the following areas:

• Play a key role as subject matter expert in the business for offensive security services
• Perform Vulnerability assessments of Web applications, APIs, Networks, Mobile applications, Desktop, and Cloud infrastructure based on leading security frameworks such as OWASP and CREST
• Perform Penetration testing, red team and purple team assessments including infrastructure, wireless and applications. This includes related activities such as Malware Analysis, Social Engineering, Reverse Engineering, Database Security, Network Security and Threat Modelling.
• Perform security architecture assessments and configuration reviews on on-premise and cloud environments.
• Provide guidance on security architecture, assisting clients with reducing their attack surface and optimizing their cyber defensive capabilities to adapt to modern threats.
• Take responsibility for delivering high quality deliverables and outcomes for our clients. Ability to work as well as an individual and in a broader team environment, in line with our KPMG values.
• Analyse, workshop and present insights and recommendations enabled by strategic thinking, technical knowledge and strong and clear communication skills.
• Demonstrate an ability to translate complex technical results into business language through professional report writing.
• Knowledge of current and emerging IT security technologies.
• Maintain awareness of latest and common security threats, attack vectors and TTPs.
• Ability to diagnose and troubleshoot deep technical issues.

Key responsibilities:

• Take responsibility for leading technology based consulting/ assurance engagements, managing the day-to-day delivery effort and work of the delivery team.
• Provide subject matter expertise in the business for specific technical security domains.
• Engage in planning, design, implementation, testing, and operation of cyber breach resilience processes and systems on client networks and applications.
• Support recovery efforts at impacted clients, helping them to minimize operational impact and resolve immediate defensive gaps.
• Develop next generation offensive security service offerings.
• Analyse, workshop and present insights and recommendations enabled by strategic thinking, technical knowledge and strong and clear communication skills.
• Support business development activities including the creation of compelling and differentiated value propositions in opportunity pursuits.
• Lead and coach others in engagements, and mentoring staff as they grow their capabilities, careers and client service impact. Performance management of colleagues to aid in their career growth.
• Extend the teams technical capabilities, toolsets and methodologies to ensure quality and efficiency.
• Maintain awareness of latest and common security threats, attack vectors and TTPs.

Minimum requirements to apply for the role (including qualifications and experience):

• A minimum of 5 - 8 years of experience in Information Security or in a technology related field. At least 2 years’ experience in leading a team in related subject matter.
• Bachelor's degree from an accredited college/university or equivalent experience.
• Advanced security related certifications such as CISSP, OSCP, OSCE or equivalent
• Strong experience in leading and conducting penetration tests, red team, purple team and technical vulnerability assessments.
• Experience in infrastructure, operating system (including AD) and application security assessments against leading benchmarks.
• Experience in conducting cloud security assessments (Azure, AWS, Google)
• Experience in Operational Technology security assessments will be advantageous.
• Demonstratable track record in security research and attendance/ presenting at cybersecurity conferences.
• Excellent written and verbal communication, facilitation, leadership, business development, and presentation skills
• Ability to travel
• Consulting experience from a well-established consulting practice preferred