I'm looking for

Using a wide variety of technical and sector-specific skills, KPMG's Risk Consulting group proactively helps clients increase profits whilst reducing reputational, operational, financial and other risks. We are experienced in managing diverse issues including fraud, regulatory compliance, risk frameworks and modelling, capital efficiency, corporate governance, dispute resolution, deriving value from contracts and much more.

Technology - Our clients need to deal effectively with technology related risks and derive maximum value from data and documentation. Our specialists provide independent, jargon free advice and advanced technology capabilities to help our clients proactively manage their technology risks and use their data to its full potential.

The Role
The role will be working in the Cyber Defence Services (CDS) Team within the cyber security department which is part of the Risk Consulting practice. Information Protection is one of the areas which KPMG has identified for tremendous investment and growth. Our clients need to deal effectively with technology related risks and derive maximum value from data and documentation.

Responsibilities
• Delivery of penetration testing and incident response services to clients
• Project management of small engagements and end-to-end and support on larger engagements to deliver high quality work in a timely manner to include:
• Scoping
• Financial management
• Engagement and risk management
• Production and review of deliverables
• Liaising with clients on delivery, implementation and sales issues.
• Developing constructive client relationships, both inside and outside of KPMG
• Coaching and developing team members through sharing of experience and knowledge
• Supporting leadership of the team in the embedding effective working practices

Experience and Background
• Proven experience or working within the penetration testing industry
• Experience of dealing with cyber security incidents and associated response measures
• Proven ability to identify and assess complex information protection risks and controls
• Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
• Experience in and an understanding of the Cyber risks faced by clients within a specific industry and the impact to their business
• A genuine interest and desire to work in the information security field

Qualifications and Skills
• Degree level qualified, MSc in Information Security, IT or relevant subject (preferred)
• Must have the following qualifications CREST Registered Tester (CREST CRT) and Offensive Security Certified Professional (OSCP)
• Must have experience in Vulnerability Assessment and Penetration Testing
• Must have experience with Web Application Security Testing
• Must have experience of performing Cyber Maturity Assessments
• Excellent communication skills

The Role
You will play a leading role within the Cyber Defence Services (CDS) team, helping drive the development of the business and taking responsibility for the oversight and delivery of some of our most demanding penetration testing and red team engagements. As a manager you will help raise the profile of the team, play a key part in making sure that we develop new CDS service offerings and help coach and mentor team members.

Responsibilities
Management and delivery of penetration testing services to clients to include the following:
o Scoping
o Financial management
o Engagement and risk management
o Production and review of deliverables.
- Reporting technical issues in business terms
- Developing constructive client relationships, both inside and outside of KPMG.
- Developing an understanding of KPMG’s broader offerings to enable identification of business opportunities
- Actively identifying and progressing business development opportunities, as well as managing sales activities such as proposal writing and assisting with client presentations.
- Role modelling risk and engagement management practices.
- Coaching and developing team members through sharing of experience and knowledge.
- Continuous development of self and team, including managing client feedback.
- Monitoring quality of service and products to clients and carrying out improvement or development as necessary.
- Performance management of junior staff

The Person
- Proven experience of successfully managing and delivering projects on time and to budget.
- Proven experience working within the industry
- Clear and demonstrable understanding of penetration testing, including CESG accredited schemes such as CBEST, STAR, CPA, CHECK and CTAS. OSCP, CCSAS/CCSAM
- Demonstrable understanding and practical application of information security principles
- Proven experience of producing high quality deliverables working alone and as part of a team.
- Excellent communication skills
- Proven experience of secure coding practices
- Reverse engineering experience desirable

Qualifications and Skills
- Degree level qualified, MSc in Information Security, IT or relevant subject (preferred)
- Web-application penetration testing experience preferred
- Programming skills, .NET
- Excellent communication skills (both written and oral) and project management skills
- Clearances required – eligibility for SC or DV is desirable

The Team

Forensic Technology (FTech) supports clients and their legal advisors in response to litigation, civil
disputes, investigations, regulatory, and M&A matters. FTech assist their clients through the
preservation, collection, processing, reporting, and analysis of electronically stored information (ESI)
such as emails, chat messages, and electronic documents.

The projects are often time critical and include global clients with footprints around the world,
providing opportunities to work with other overseas offices including on site attendance. Many
projects have a significant impact on our clients’ businesses and communities, with matters
occasionally featuring on international headlines.

FTech are looking for data specialists who are able to extract, store, enhance, and investigate large
volumes of unstructured data by leveraging market-leading technologies and methodologies.

The Role

Data analysts support the delivery work on a range of engagements. This will include:
- Responding to client requests and queries with supervision from project managers.
- Creating and updating data trackers, dashboards, and reports.
- Verifying, validating and analysing data that has been collected or received from clients.
- Preparing and normalising unstructured data from a range of data sources: email, electronic
documents, instant messaging, chat data, audio data and more.
- Assisting with forensic data collections.
- Maintaining and updating procedural documentation.
Other duties:
- Delivering client based training on our review systems via WebEx or to an audience.
- Contributing to business development through market research, consolidating credentials,
and creating slide decks.
- Assisting with evidence and media tracking.
- Researching and testing new software.

The Person

Strong candidates would have exposure to a combination of the following career profiles, or deep
expertise in at least one specialism. Successful candidates will not be expected to only stick to their
backgrounds; team members are encouraged to widen their horizons and take advantage of
available development opportunities.
Data Analytics
- Familiarity with creating dashboard visualisations using Tableau, Qlikview, PowerBI, Kibana,
etc.
- Good understanding of data querying methods to produce reports from Microsoft SQL
Server.
- Experience in simple data transformation using Excel, Alteryx, scripts, and/or regular
expressions.
- Understanding of best practices for database schemas and data normalisation.
- Able to clearly communicate and explain findings from data analysis to non-technical people.
- Background in statistics, databases, information management, economics, business intelligence, and related areas.
Application Integration
- Experience in integrating systems and applications through APIs, e.g. REST, and XML/JSON.
- Proficiency in programming languages such as C#, Java, Ruby, Python, and VBA.
- Understanding of software development methodologies and tools, e.g. IDEs, Git, Agile, unit tests.
- Proven ability of translating business needs into technical requirements.
- Knowledge of SQL and database operations would be advantageous.
- Background in computer science, software development, mathematics, and related areas.
Computer Forensics and E-Disclosure
- Worked in a professional services environment assisting with the delivery of eDisclosure/Investigations.
- Knowledge of the Electronic Discovery Reference Model (EDRM) lifecycle.
- Familiarity with forensic best practices, e.g. evidence handling, chain of custody, metadata preservation, etc.
- Experience in handling and analysing unstructured data sources such as emails, network shares, and laptops.
- Experience in liaising with clients on basic requests and delivering software training.
- Proficient in eDisclosure tools such as EnCase, Nuix, Relativity, Recommind, Ringtail, or similar.
All candidates are expected to have a number of the following qualities:
- Excellent written and communication skills.
- Demonstrated ability to think through and solve problems independently.
- Proactive in taking ownership of tasks and managing expectations.
- Keen to learn industry-specific software and in-house processes.
- Able to work in a high-pressured environment.
- Experience in a professional environment or role is desirable.

The Role

We are looking for a competent and experienced Manager specialising in Identity & Access Management (IAM) who will be responsible for developing and delivering complex and innovative solutions whilst reducing reputational, operational, financial and other risks for our clients.. IAM is a part of the Risk Consulting Practice in KPMG, one of the key areas identified for major investment and growth. KPMG is growing its IAM service line and has recently acquired Silicon Valley-based Cyberinc, which provides cyber security solutions globally. This will enhance KPMG’s existing capabilities as a leader in information security consulting services and expand the firm’s ability to provide clients with newer and more agile IAM solutions. This bolsters KPMG’s talent and offerings in the rapidly growing area of digital consumer identity and privileged user management.
Our clients need to deal effectively with technology related risks and derive maximum value from their investment in security systems and technology. Our specialists provide independent, jargon free advice and advanced technology capabilities to help our clients proactively manage their technology risks and use their IT assets to its full potential. The individual selected for this role will be responsible for driving the next phase of growth for our IAM Service Line.

Key Accountabilities

• Experienced in developing identity management strategy, solution architecture and implementation roadmaps that include identity and privileged access management, RBAC, provisioning, certification, entitlement management and policy management.
Practical knowledge and experience in Privileged Access Management is essential.
Practical knowledge and experience in Customer Identity and Access management is essential.
Strong design and implementation experience of at least one of the following vendor technologies like CyberArk, SailPoint or BeyondTrust is essential.
• Proven years of strong IAM advisory, design and implementation oversight experience on large, complex projects (e.g; FTSE 100 clients)
• Actively identifying and progressing business development opportunities, as well as managing sales activities such as proposal development, writing and assisting with client presentations.
Capability to identify technical risks, articulate the associated IT costs and business impacts, and propose options for resolution
• Able to initiate, develop and challenge thought leadership in in all areas of identity management.
• Recognised in the industry as a specialist in the IAM space, with a good understanding of disruptive trends, evolution of IAM solutions backed by knowledge of the business value of IAM.
• Good understanding of Digital Transformation initiatives, GDPR and other regulation that impacts and drives the adoption of IAM controls.
• Knowledge of Customer Identity Management solutions with proven experience in either delivering and developing business case, strategy and roadmaps.
• Ability to develop constructive client relationships, both inside and outside of KPMG.
• Understanding of managed services delivery models for the delivery of Identity Management services.
• Experience in Role modelling, Risk based Authentication, Identity Federation and Data Access Governance.

The Person

• Excellent business and technical stakeholder engagement skills within the IAM project setting is required.
• Experience with Project Management duties (project planning, resource management, scope, schedule and status, documentation).
• Continuous development of self and team, including managing client feedback.
• Monitoring quality of service and products to clients and carrying out improvement or development as necessary.
• Management of SailPoint discovery, onboarding and go live
• Detailed understanding of SailPoint and access management functionalities.
• Good understanding of CyberArk and other similar privileged management tools.
• Strong ability to interact with Tech Operations and CISO teams in a client facing roles and to explain technical concepts in an easy to understand manner
• Good ability to manage technical resources.

Qualifications & Skills:

• Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math).
• Recognised information protection qualifications (e.g. CISSP, CISSP-ISSAP, CISM, GIAC) desirable.
• Experience using Project Management tools like MS Project desirable.
• Excellent communication and presentation skills (both written and oral)
• Excellent negotiation skills.
• Demonstrated ability in strong verbal and written communication skills to interface with both technical and non-technical stakeholders, including the ability to confidently lead software presentations.
• Highly organised with ability to prioritise workload to incorporate changing priorities.
• Delivering quality and striving for continual improvement.
• Strong planning, organising and decision making skills.