I'm looking for

Search results for "technology engineering"

Experienced Professional

Operational Resilience Assistant Manager - Technology Risk

Location: London

Service Line: RC Technology

View role

Experienced Professional

Third Party Risk Manager - Technology Risk - Financial Services

Location: London

Service Line: RC Technology

View role

Experienced Professional

Cyber - Security Operations Manager

Location: London

Service Line: RC Technology

View role

Experienced Professional

Cyber Security - Incident Response Manager

Location: London

Service Line: RC Technology

View role

Experienced Professional

Penetration Tester - Senior Manager

Location: London

Service Line: RC Technology

View role

Experienced Professional

Cyber Security - Incident Response Senior Consultant

Location: London

Service Line: RC Technology

View role

Operational Resilience Assistant Manager - Technology Risk

Location: London

Capability: Risk Consulting

Service line: RC Technology

Experience level: Associate/Assistant Manager

Employment type: Full Time


The main duties and responsibilities of the role:
- Delivering operational resilience services to the financial services sector
- Developing industry and technical expertise and be positioned as an operational resilience SME for the FS sector
- Identifying anticipating and recommending the need for changes to resilience methodologies in response to changing risk profiles and regulatory expectations
- Ensuring KPMG quality protocols and risk management requirements are implemented and complied with internally and on client engagements
- Building relationships with clients and other departments to further develop and mature KPMG’s operational resilience offering
The skills, qualifications and experience required for the job:
- Proven experience of managing risk within a financial services business
- Proven experience of undertaking business continuity management controls testing
- Proven experience of implementing operational risk management frameworks
- Proven experience of facilitating disaster recovery tests
- Proven experience of incident and crisis management planning
- Proven experience of conducting business impact assessments

Third Party Risk Manager - Technology Risk - Financial Services

Location: London

Capability: Risk Consulting

Service line: RC Technology

Experience level: Manager

Employment type: Full Time


The Team

The Financial Services Technology Risk Consulting team is focused on providing consultancy, advice and assurance on our clients' technology risks and controls. The market is evolving at pace and innovating, whilst embracing the digital age. We are building out our team to advise clients on emerging and legacy technology risks and controls. We are focused on project and programme risk, operational and technology resilience, technology risk and control, impact of regulatory change on data and technology and third party risk management. All underpinned by analytics. We deliver our work through consulting projects, focused on risk and control assurance, as well as projects with 2nd and 3rd lines of defence.
The Role

• Building global relationships and actively seeking out the global networks best experts to address client needs
• Communicating compelling and well thought out solutions to complex problems
• Building constructive working relationships across different teams, functions, countries or cultures
• Work with Partners and Directors in delivering risk services to the Financial Services sector with particular focus on Third Party Risk Management
• Oversight of delivery of Third Party Risk Management consulting projects - including reviews of maturity, process, governance and operating model. Advice on automation and tooling, conulting advice on regulatory requirements and expectations on Third Party Risk Management. Oversee and deliver end to end supplier assurance projects and Third Party Risk Management transformation projects
• Assume ownership of key client relationships, identify revenue-generating opportunities and get involved in business development activities.
• Build and develop relationships with key market contacts
• Develop industry and technical expertise and be positioned as an Third Party Risk Management SME for the Financial Services sector
• Identify, anticipate and recommend the need for and make changes to third party risk management methodologies and related services in response to changing risk profiles and regulatory expectations
• Build relationships with other departments to further develop and mature KPMG's Third Party Risk Management offering
• Understand the Financial Services industry - key performance drivers, emerging technical and industry developments
The Person

• Recognises the importance of continuous self and team development and actively strives to achieve this.
• Helps others to understand how their work contributes to the overall success of an engagement and the wider firm
• Fosters a sense of self belief and confidence in others
• Seeks to understand others motivations
• Supports others to make brave decisions
Qualifications and Skills
• Proven experience of successfully managing and delivering risk and controls assessments.
• Proven experience of implementing Third Party Risk Management frameworks in large Financial Services organisations
• Thorough understanding of Third Party Risk Management and experience of developing Third Party Risk Management programs for Financial Services organisations
• Extensive knowledge and insight of regulatory requirements and expectations on Third Party Risk Management and wider risks
• Extensive knowledge of related regulations
• Degree/masters qualification in IT
Experience and Background
• Experience of building Third Party Risk Management programs in the Financial Services sector from the ground-up
• Experience of the end to end procurement lifecycle
• Extensive experience of working with UK regulators to provide knowledge and insights on regulatory thinking on third party risk management
• Experience of reviewing Third Party Risk Management for banks and/or insurers and providing gap assessments and remediation plans
• Experience of managing business and IT stakeholders from across the business and all levels of seniority, including CIO, CFO and CISO
• Ability to identify and assess IT risks and controls, to relate them to the wider business environment and to express opinions clearly to all levels
• Strong understanding of Financial Services sector
• A good understanding of technology platforms
• Strong leadership skills both on engagements and in an office environment
• Ability to play an active role in the business development process
• Ability to present on specific subjects to a large group of people
• Strong analytical skills and ability to adapt to changing circumstances
• Demonstrate professional scepticism - proven track record of constructively challenging clients to drive best results
• An aptitude for embracing and adapting to new technology
• Ability to spot opportunities to add value to clients and work with colleagues in other lines of service to help clients
• Ability to work flexibly in terms of working hours to accommodate tight timelines and manage well under pressure

Cyber - Security Operations Manager

Location: London

Capability: Risk Consulting

Service line: RC Technology

Experience level: Manager

Employment type: Full Time


The Role

•You will be working as a consultant in KPMG’s expanding Security Operations practice.
•As a Security Operations consultant, you will help our clients in solving some of the key challenges faced by security operations leaders.
•The work would involve advising our clients on Security Operations Strategy, Design, Maturity Assessment, and Optimisation.
•You will get a chance to learn new skills, certifications and work with some of our key alliance partners, including some the largest security vendors in the industry
•You will be working in a dynamic environment and engage with leading companies around the world.

Requirements
•Hands on experience in a Security Operations Centre
•Alternatively, consulting or advisory experience in Security Operations.
•Operational level experience in some of these domains (not all): security engineering, alert triaging, rule writing, incident response, DFIR, threat intelligence and management, vulnerability management, and security control testing
•In-depth knowledge of at least one SIEM platform or security data lake and related processes
•Knowledge of various security tools, their functions and comparisons
•Knowledge of network and cloud security fundamentals
•Ability to explain complex technical concepts in business terms
•Extensive experience in report writing and presentation

Good to have:
•Previous experience in cyber project management
•Part of a large transformation and implementation project
•Hands on experience with ServiceNow and ServiceNow SecOps
•Experience with any other Incident Response or SOAR tool
•A network of other security professionals and relationships in the industry

Qualification and certifications (good to have but not mandatory)
•Bachelor degree in Information Security, Computer Science, Engineering, Technology or a similar degree
•Any SecOps related certifications, including security vendor certifications
•Good to have - at least one of the following certifications – CISSP, CISM, CCSP, GIAC certifications or an equivalent security certifications


Cyber Security - Incident Response Manager

Location: London

Capability: Risk Consulting

Service line: RC Technology

Experience level: Manager

Employment type: Full Time


The Role

This role will be working in the Cyber Response Services (CRS) Team, reporting directly into the head of cyber response. Cyber security is one of the areas which KPMG has identified for tremendous investment and growth. Our clients face a challenging cyber threat and look to us to help them understand and respond to that threat.
This is a hands-on and operational management role with opportunities to grow into service line leadership.
In this role we are looking for a person who can demonstrate strong technical background, significant experience in incident response and digital forensics and is looking to grow into an incident response leadership role as part of a growing team. You will be expected to lead a number of incident response case managers and practitioners, as well as have the opportunity to work with, and learn from, the service leadership as part of your continuous development.
When not responding to incidents, you may be helping our clients to build their in-house incident response capabilities, which could include: building and developing cyber-response tools, authoring and adapting runbooks/playbooks, assessing the incident response maturity, assisting in table-top cyber-scenario exercises. When not engaged in client work, you will be helping to develop our own delivery capability, including operational efficiency, standard operating procedures, team learning and development, tooling and platforms, lab development and orchestration.
Candidates should have a proven track record of incident management, with a strong competency in digital forensics. KPMG will provide training and coaching to help you continually improve both your management and technical skills. Strong technical competency and experience of managing a range of complex cyber incidents; from ransomware to advanced network intrusions is a pre-requisite. Our clients expect that cyber-incidents will be tackled with urgency, therefore, there is an expectation that you will be flexible in terms of working hours. In addition, you should be prepared to travel on short notice for periods up to 2 or 3 weeks at a time. Above all, KPMG is looking for someone who is passionate about helping our clients with their cyber security challenges, often at a time of critical need. In return, we are committed to helping you to enjoy the role and develop your skills and career within the KPMG with the objective of progressing into a senior leadership role.

Responsibilities
• Manage and co-ordinate cyber security incidents for our clients, working closely with the head of cyber response.
• Digital forensics of relevant incident data (disk, volatile memory, network packets, log files).
• Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them.
• Manage the development of KPMG’s in house cyber-response tools.
• Assess client incident response capability maturity.
• Help stand-up or improve clients’ own incident response capabilities.
• Project management of engagements to deliver high quality work in a timely manner, including:
• Scoping and costing of engagements
• Financial management of projects
• Engagement and risk management
• Production and review of deliverables to a high standard.
• Liaising with clients on delivery, implementation and project issues.
• Ability to generate well-structured responses to bids and requests for proposals.

The Person

Extensive experience in cyber-security and incident response. For example: You should be able to guide a client through a unstructured incident response process (such as an advanced network intrusion) – managing resources and defining objectives at each stage of the incident response process; scoping and triage, containment, evidence preservation and extraction, eradication, recovery, forensic analysis and investigation.
• A broad understanding of the cyber security threat landscape.
• Strong technical background in computers and networks, and programming skills.
• Significant and proven experience of dealing with cyber security incidents and associated response measures.
• Experience of managing a rapid deployment incident response team.
• Excellent interpersonal, written and communication skills.
• Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
• A genuine interest and desire to develop and mention junior team members.
• Strong attention for detail and the ability to manage multiple simultaneous cases.

Qualifications and Skills

The successful candidate will demonstrate competency in computing and networks as well as in cyber-security either by having the relevant work experience, completed a degree or obtained industry relevant certification. Therefore the qualifications below should be seen as means to demonstrate competency and not as a requirement.

• Excellent communication skills (both written and oral) and project management skills.
• Strong IT and network skills – knowledge of common enterprise technologies – Windows and Windows Active Directory, Linux, Cisco, etc.
• Working programming skill-set to be able to author and develop tools. Most in-house security tools in KPMG are written in Python, but we accept that a competent programmer will be able to transfer skillsets across languages.
• Technical proficiency in at least one of these areas: network security/traffic/log analysis; Linux and/or Mac/Unix operating system forensics; Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamic malware analysis / reverse engineering, advanced mobile device forensics
• Advanced experience in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWorks, and/or Cellebrite
• Advanced experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS)
• Experience with and understanding of enterprise Windows security controls
• (Preferred) Degree level qualified, MSc in Information Security, IT or relevant STEM subjects.
• (Preferred) General information security certificates such CISSP, CISM or CISA.
• (Preferred) Incident management certifications such as:
• CREST certified incident manager (CCIM).
• GIAC Certified Incident Handler (GCIH)
• (Preferred) Digital forensics certificates such as:
• CREST certified registered intrusion analyst (CRIA),
• CREST certified network intrusion analyst (CCNIA),
• CREST certified host intrusion analyst (CCHIA),
• CREST certified malware reverse engineer (CCMRE),
• GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)
• (Preferred) A current government security clearance (SC/DV) or willingness to acquire such a clearance will be seen as an advantage.

Penetration Tester - Senior Manager

Location: London

Capability: Risk Consulting

Service line: RC Technology

Experience level: Senior Manager

Employment type: Full Time


The Role
Do you want to “hack the gibson?” Do you enjoy playing a “nice game of chess”? If we said “hack the planet” would you be able to tell us the film? At KPMG we are looking for a Senior Manager who lives and breathes hacking and information security. You will have earned your stripes doing CHECK work in data centres and be ready to, or already skilled in leading teams of talented testers.
In return we will provide some of the UK’s most unique government and commercial engagements for you to cut your teeth on and a friendly, passionate team to develop and grow.
The KPMG’s Cyber Defence (CDS) Team conducts client facing technical assurance and penetration testing and has a long and successful history in KPMG. Our clients are diverse, and we cover many sectors with specialisms in Financial Services, High-end Defence Assurance and Telecommunications. We work closely with the NCSC developing new schemes such as Cross Domain Solutions Testing (https://www.ncsc.gov.uk/blog-post/ncsc-cross-domain-industry-pilot-stage-2) and are members of all current NCSC and CREST testing schemes - as a result we conduct interesting and challenging work that isn’t on offer elsewhere.
Our team is made up of skilled individuals at different stages in their careers, centred around three locations in Leeds, Bristol and London, therefore we can offer flexibility in base location, as well as embracing remote working and team management.
Responsibilities
As this is a senior role, we want your business brain as well as your technical hacking skills. You will have ideas of how to drive the business forward and be skilled in the commercial aspects of security testing, above all you will know what clients are looking for when they buy security testing and how to deliver it.
Aspects of the role include:
• Management and delivery of penetration testing services to clients to include the following:
o Scoping
o Financial and risk management
o Delivery of testing and the oversight of testers
o Review of deliverables (QA)
• Coaching and developing team members through sharing of experience and knowledge.
• Performance management of junior staff.
• Continuous development of self and team, including managing client feedback.
• Monitoring quality of service and products to clients and carrying out improvement or development as necessary.
• Actively identifying and progressing business development opportunities, as well as managing sales activities such as proposal writing and assisting with client presentations and debriefs.
• Developing constructive client relationships, both inside and outside of KPMG.
• Developing an understanding of KPMG’s broader offerings to enable identification of business opportunities
Experience and Background

Required:
• Passion for Hacking!
• Clear and demonstrable understanding of red-teaming/penetration testing, including NCSC and CREST accredited schemes such as xBEST, STAR/STAR-FS, CHECK.
• Proven experience of successfully managing and delivering testing engagements on time and to budget.
• Proven experience working within the UK cyber security industry
• Demonstrable understanding and practical application of information security principles
• Strong technical background in computing, networks, and programming.
• Proven experience of producing high quality deliverables working alone and as part of a team.
• Excellent communication skills (written and verbal)
• Experience leading, coaching and mentoring highly technical teams
• A genuine interest and desire to work with large multi-national clients in the information security field.
Advantageous:
• Knowledge of NCSC CTAS and CPA Assurance Schemes
• Knowledge of working in secure environments (List X facilities) and accredited labs (ISO17025)
• Research and Development experience
• Threat Intelligence experience
• Standing and positive reputation in the information security community is seen as a plus.
Qualifications and Skills

Qualifications are a good way to demonstrate knowledge but are not the be all and end all, our team is made up of many individuals with diverse backgrounds who all share the “hacker mindset”.
If you have the experience, then we want you to apply. Didn’t do a degree in information security? A-Levels weren’t as good as you hoped. Haven’t attended every SANS course going, we don’t mind!
For this role we only have two formal requirements.
• CREST CCSAS qualification or be working towards CCSAS and ready to sit soon.
• UK Government Security Clearance – the ability to apply for and hold SC is required, DV is advantageous.
Above all, KPMG is looking for someone who is passionate about helping our clients (including the UK Government) with their cyber security challenges. In return, we are committed to helping you enjoy the role and develop your skills and career within the KPMG network.

Cyber Security - Incident Response Senior Consultant

Location: London

Capability: Risk Consulting

Service line: RC Technology

Experience level: Associate/Assistant Manager

Employment type: Full Time



The Role

The role will be working in the Cyber Response Services (CRS) Team within our Risk Consulting practice. Cyber security is one of the areas which KPMG has identified for tremendous investment and growth. Our clients face a challenging cyber threat and look to us to help them understand and respond to that threat.
This is a hands-on role with opportunities to grow into management. The successful candidate is expected to manage cyber-security incidents as well as perform digital forensics (disk, volatile memory, network packets, logfiles) and help advance KPMG’s proprietary in-house toolkit.
In this role we are looking for a person who can demonstrate strong technical background, experience in incident response and digital forensics and is looking to grow skills and experience. You will be expected to lead one or two analysts to achieve a task in a project, as well as have the opportunity to work with, and learn from, our most experienced team members as part of your continuous development.
When not responding to incidents, you will help our clients to build their in-house incident response capabilities, which will include: building and developing cyber-response tools, authoring and adapting runbooks/playbooks, assessing the incident response maturity, assisting in table-top cyber-scenario exercises.
We will welcome applications from candidate with a good competency in incident management, but with a developing competency and keen interest in digital forensics, or vice versa. KPMG will provide training and coaching to help you continually improve you skills. Strong technical competency - intermediate systems administration skills and programming skills to develop tools, however, is a pre-requisite.
Our clients expect that cyber-incidents will be tackled with urgency, therefore, there is an expectation that you will be flexible in terms of working hours. In return, KPMG will offer flexible working hours and work from home days for employees who have demonstrate reliability in delivery. For example, if you are writing a post-mortem report or working on a run-book, you can do so from home.
Above all, KPMG is looking for someone who is passionate about helping our clients with their cyber security challenges, often at a time of critical need. In return, we are committed to helping you to enjoy the role and develop your skills and career within the KPMG.

Responsibilities:
• Help manage and co-ordinate cyber security incidents for our clients, working closely with the incident management lead within the team.
• Digital forensics of relevant incident data (disk, volatile memory, network packets, log files).
• Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them.
• Develop KPMG’s in house cyber-response tools
• Help assess client incident response capability maturity.
• Help stand-up or improve clients’ own incident response capabilities.
• Help with project management of engagements to deliver high quality work in a timely manner, including:
• Scoping
• Basic financial management
• Engagement and risk management
• Production and review of deliverables.
• Liaising with clients on delivery, implementation and sales issues.

The Person

This position is well suited for an individual with significant experience in cyber-security and incident response. For example: a very common type of incident is ransomware on a single workstation/laptop. You should be able to guide a client through a structured incident response process – triage, containment, eradication and recovery. If you are provided with forensic data such as: disk image, memory image and network data capture or proxy logs, you should be able to identify malware artefacts, source of infection and use online research to identify malware family.
• A broad understanding of the cyber security threat landscape.
• Strong technical background in computers and networks, and programming skills.
• Experience of dealing with cyber security incidents and associated response measures.
• Experience of being part of an incident response team, either holding a formal role, or being able to evidence your personal contribution to the team.
• Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
• A genuine interest and desire to work in the information security field.
• Standing and positive reputation in the information security community is seen as a plus.

Qualifications and Skills:
The successful candidate will demonstrate competency in computing and networks as well as in cyber-security either by having the relevant work experience, completed a degree or obtained industry relevant certification. Therefore the qualifications below should be seen as means to demonstrate competency and not as a requirement. The desired skill and qualification is provided below:
• Excellent communication skills (both written and oral) and project management skills.
• Strong IT and network skills – knowledge of common enterprise technologies – Windows and Windows Active Directory, Linux, Cisco, etc.
• Working programming skill-set to be able to author and develop tools. Most in-house security tools in KPMG are written in Python, but we accept that a competent programmer will be able to transfer skillsets across languages.
• Technical proficiency in at least one of these areas: network security/traffic/log analysis; Linux and/or Mac/Unix operating system forensics; Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamic malware analysis / reverse engineering, advanced mobile device forensics
• Advanced experience in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWorks, and/or Cellebrite
• Advanced experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS)
• Experience with and understanding of enterprise Windows security controls
• (Preferred) Degree level qualified, MSc in Information Security, IT or relevant STEM subjects.
• (Preferred) General information security certificates such CISSP, CISM or CISA.
• (Preferred) Incident management certifications such as:
• CREST certified incident manager (CCIM)
• GIAC Certified Incident Handler (GCIH)
• (Preferred) Digital forensics certificates such as:
• CREST certified registered intrusion analyst (CRIA)
• CREST certified network intrusion analyst (CCNIA)
• CREST certified host intrusion analyst (CCHIA)
• CREST certified malware reverse engineer (CCMRE)
• GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)
• (Preferred) A current government security clearance (SC/DV) or willingness to acquire such a clearance will be seen as an advantage.

Search and apply

Let your curiosity guide you. Search and apply to our open opportunities.

Student community

Join our student community to stay up to date with programmes.

This website uses cookies that provide necessary site functionality and improve your online experience. By continuing to use this website, you agree to the use of cookies. Our cookies notice provides more information about what cookies we use and how you can change them.

Back to top