1. Immerse yourself in our inclusive, diverse and supportive culture
2. Choose the way you want to work by embracing our flexible work arrangement
3. Collaborate with sector and technical experts to grow your knowledge and network
KPMG Australia is part of a global network providing extensive services across a wide range of industries and sectors. Our people collaborate, share their expertise and create innovation as we partner with clients to solve complex challenges, empower change, drive disruption and growth. We look for talented people with the potential to make an extraordinary difference for our clients, our firm and our communities.
KPMG’s Technology & Information Risk Management is your opportunity to be part of a team on the rise! Rapidly growing with many competent individuals with various technical backgrounds, the Security Risk team supports business stakeholders in bringing their ideas to life while helping them to shape the future of the firm, by exploring and embedding new forms of growth.
Your Opportunity
The role of the Information Security Risk Analyst at KPMG contributes to the improvement of the company's information security posture and provides support to various departments within the organisation in several ways:
4. Identifying and Managing Risks: The analyst helps in identifying and managing cyber security and other technology and information risks. This involves performing threat assessments to identify potential risks to the business and determining the preventative controls in place.
5. Enhancing Business Resilience: The analyst contributes to enhancing the organisation's business resilience by designing and implementing effective controls over technology assets. This helps in building the organisation's resilience and strengthening core controls to meet the challenges of technology and information risks.
6. Compliance and Governance: The analyst assists the organisation in meeting its IT compliance and governance obligations in a way that enhances business objectives. This includes developing continuous assurance and monitoring capabilities to optimise the use of resources.
In summary, the role of the Information Security Risk Analyst is crucial in maintaining KPMG's information protection agenda as the business and technology programmes evolve, providing greater visibility and understanding of changing risks.
Key Duties & Responsibilities:
7. Assess various domains and aspects of information security risk for KPMG Australia and develop recommendations for improvement
8. Assess systems/solution/application architecture documents from a cyber security lens
9. Assist, and at times lead, in providing information security reporting to local IT leadership, regional and global leadership
10. Assess risks and provide subject matter expertise associated with acquisitions, the onboarding of vendor solutions, technology, and services.
11. Recommend and ensure security controls are proportionate to mitigate threats
12. Lead initiatives to improve the security posture of the firm, increase efficiency and/or develop new ways to assess emerging technologies (such as AI, blockchain, quantum computing, and more)
How are you extraordinary?
13. You actively seek out opportunities for growth, are comfortable challenging the status quo, and enjoy getting out of your comfort zone.
14. You are passionate about the importance of fantastic communication to share ideas, inspire, and create change. You are able to digest, distil, and communicate complex concepts in both written and verbal forms.
Your Experience
15. Knowledge of security standards and frameworks, such as ISO27001, NIST 800-53, Cloud Services, Risk Management, Security & Privacy Controls
16. Knowledge of Cloud technologies and architectures (AWS and/or Azure)
17. Knowledge of various application architectures
18. Accreditation in one of the following would be advantageous: CISM, CRISC, CISSP or other relevant certifications, such as those for AWS or Azure cloud technologies