KPMG is a global network of professional services firms. Across 145 countries, 236,000 KPMG people provide Audit, Tax and Advisory services to a huge range of clients, from leading brands to public bodies, global multi-nationals and local businesses. KPMG had been working in Ukraine since 1992.
20 жовтня 2023

Information Security Officer (вакансія неактивна)

Київ

KPMG is a global network of professional firms providing Audit, Tax and Advisory services.

We operate in 143 countries and territories, and in FY22, collectively employed more than 265,000 people working in member firms around the world. KPMG is the brand under which the member firms of KPMG International Limited (“KPMG International”) operate and provide professional services. “KPMG” is used to refer to individual member firms within the KPMG organization or to one or more member firms collectively.

KPMG is committed to three key imperatives: quality of services, insight into the problems of our clients, and integrity in our business. It is these principles that drive our firms’ professionals to provide audit, tax, and advisory services that reflect global consistency and unwavering integrity. We will build and sustain our reputation as the best firm to work with by ensuring that our people, our clients and our communities achieve their full potential.

Based on KPMG International requirements to all MFs please find suggested skills for Security Liaison in MFs:

  • Bachelor degree in IT, computer science, risk management or a related field
  • Several years of experience in risk assessment and management
  • Strong skills in identifying, assessing and prioritizing potential risks
  • Ability to develop and implement risk management plans to mitigate or eliminate identified risks
  • CIS controls, NIST Cybersecurity Framework, ISO 31000, ISO 2700x, FAIR, OCTAVE, ISACA COBIT,
    SOC 2: SOC 2 (Service Organization Control 2)
  • Experience of developing and implementation of information security
    policies, standards, procedures etc.
  • Attention to details, ability to prioritize goals and task
  • Strong English writing and verbal skills, ability to understand technical
    English terms
  • CISM, CISA, CISSP would be a plus

There are Incident Response Skills (required as Incident Response is not fully operated outside of your MF):

  • To construct queries in hunting query language Kusto, studying basics of Kusto language and how to operate with MDE schemas.
  • To create custom detection rules for human-operated ransomware attacks (desirable).
  • Windows Event Log analysis during detection and triage.
  • Collaborate and maintain MDE incident response playbooks, studying basics of MDE using SC-200.
  • PaloAlto FW logs analysis to identify suspicious network events on the infrastructure, good knowledge of networking and TCP\IP stack, knowledge of OSI and general attacks on OSI.
  • Estimation of the scale of phishing/spam mailings based on MDE created quires.
  • Retrospective analysis of the threat and the formation of IOC\IOA according to the Timeline using MDE (desirable).
  • To make isolation of the infrastructure of infected devices from the network, experience with blocking and isolating devices in MDE.

In ideal world (not mandatory) to pass successfully next MS relevant exams (could be done in months after hiring)

https://docs.microsoft.com/en-us/learn/certifications/exams/sc-200

https://docs.microsoft.com/en-us/learn/certifications/exams/az-500

https://docs.microsoft.com/en-us/learn/certifications/exams/az-900

We Offer:

  • Dynamic international environment, with a great team of dedicated professionals and innovation leaders within one of the most world-known names in Consulting
  • Challenging assignments and transparent path of career and professional growth
  • Fair compensation and social package
  • International assignment opportunities