Associate/Senior Associate – Management Consulting (IT Security) 

Job Description

 

An effective, well-managed IT system is one of the most valuable business advantages an organization can secure. The right technology, implemented properly, appropriately managed and monitored, can lead to significant gains in growth and efficiency. It is essential to get sound business advice to ensure technology risks are managed. IT is challenging to get right and expensive to get wrong — not only in terms of dollars spent, but also in lost efficiency and potential regulatory infringements.

 


Responsibilities

 

  • Provide subject matter expertise to help define, implement, operate and continuously improve information security processes and operational procedures related to information security standards such as ISO27001, PCI DSS and Cobit.
  • Establish appropriate metrics in order to have a solid understanding of the operational issues and provide more valuable reporting to stakeholders.
  • Tracking, assisting with and managing the closure of security risks, including reviewing plans and monitoring progress or remedial actions.
  • Communicating vulnerabilities to Technology stakeholders and assisting them with remediation activities.
  • Analyzing the results of the security testing conducted and assisting stakeholders with identifying viable remediation solutions for any vulnerability identified.
  • Development and execution of technology risk management, IT and information security strategy and processes to ensure compliance with the security policies and risk frameworks.
  • Effective development and implementation of information security risk management and security frameworks, policies, programs and processes.
  • Delivery of technical Security Testing (includes Penetration Testing) and Security Assessments.

 


Qualification

 

  • Bachelor’s or higher degree in business information systems, accounting or an appropriate field from an accredited university.
  • Over 2 years' experience in Technology Risk, IT and/or Information Security and Risk and IT Security Architecture.
  • Knowledge of security process frameworks, compliance and risk requirements and regulations, Cobit, ISO27001 with particular regard to data privacy and protection.
  • Extensive experience working on projects and providing security assurance testing services.
  • Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments.
  • Track record of helping with implementing successful risk management & security control programs.
  • Be able to "think outside the box" and provide both scenarios and solutions to the business to enhance the IT Risk & Security function.
  • Solid experience of helping facilitate workshops, generating reports, preparing presentations and project management.
  • Experience in the identification, assessment, mitigation and management of information security risks and issues.
  • Coding experience along with qualifications including CEH, CISSP, CISA, CISM, PCI DSS QSA, GIAC GWAPT and GPEN would also be highly regarded.
  • Very good command of spoken and written English (ability to write at a publication-quality level for recommendations to clients).

 


We offer the successful candidate an attractive remuneration package and the opportunity to work in a dynamic and exciting environment.

 

To apply, please send your CV stating your current and expected salary to chutimasi@kpmg.co.th, clearly indicating in the “Subject” line the position you are applying for.