Cybersecurity and IT Risks Senior Consultant

Job Title

Cybersecurity and IT Risks Senior Consultant

Country

Azerbaijan

Location

Baku

Function

Advisory

Service Line

Technology Consulting

Job Level

Associate/Team member

Contract Type

Temporary

Full Time / Part Time

Full Time

About us:

 

KPMG is a global organization of independent professional services firms providing Audit, Tax and Advisory services. KPMG is the brand under which the member firms of KPMG International Limited (“KPMG International”) operate and provide professional services. “KPMG” is used to refer to individual member firms within the KPMG organization or to one or more member firms collectively. We operate in 143 countries and territories with more than 236,000 partners and employees working in member firms around the world.

Our purpose and aspiration are to turn knowledge into value for the benefit of our clients, our people, and the world’s capital markets.
  Key responsibilities and accountabilities:
  • Perform penetration testing;
  • Conduct assessments, prepare reports, presentations and other materials required for IT and Cybersecurity audit assignments, participate in the presentation of engagement reports to clients;
  • Participate in development of Cybersecurity strategy, Cybersecurity architecture, functional requirements and other technical documentation related to information security for the clients;
  • Analyze Information security processes and their maturity level using international standards and methodologies, proposing ways of their improvement;
  • Conduct written and verbal communication with KPMG team and clients, explain technical observations in an easy-to-understand manner;
  • Develop high quality project deliverables and work results;
  • Critically evaluate information gathered from multiple sources, decompose high-level information into details, abstract up from low-level information to a general understanding;
  • Synthesize own analysis, draw relevant conclusions, develop recommendations in own area of project;
  • Timely and comprehensively complete the project related tasks delegated by project manager or senior colleagues.
 

General requirements:

  • Bachelor (or Master) degree in Information Security/ Computer Science/ Engineering/ Mathematics;
  • 2-3 years of experience in information security areas;
  • Excellent verbal and written communication skills in English and Azerbaijani (Russian is a plus);
  • Strong analytical skills;
  • Problem solving skills (able to identify and solve arising issues, proposes solutions in non-routine situations. Curious, open minded, seeks information from different sources and applies knowledge to develop solutions);
  • Passion for quality of personal contribution into project success;
  • Certification: at least one of the technical penetration testing related certificates is mandatory, like OSCP, OSWE, GPEN, GWAPT or similar will be taken into consideration. Other certificates written below are a plus:
    • CISM/CISA;
    • General Cloud Security: CCSK /CCSP or similar;
    • Specific Cloud Security: Azure Security or similar;
    • Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist;
    • Industrial Control Systems: GIAC-GICSP;
    • Mobile Security: GMOB.
 

Required Technical skills:

  • Web Application and Mobile Application Security – OWASP Top 10 , CVSS etc.;
  • Mobile App testing (Android & iOS);
  • AD Penetration Testing;
  • Security Code Review – manual code review in Git etc.;
  • API Security Review – Open shift, container review etc.;
  • Database Security – Requirements to enhance security on Database;
  • Web Server Security – Requirements to enhance security on the web server;
  • Configuration Review – has performed different configuration reviews and should have found good misconfigurations in the system;
  • Integration review – How the application connects with different systems, performed security review on those integrations;
  • Transport Layer Security – How communication channels are secured and understanding of the Transport layer security mechanisms and controls;
  • Understanding of key principles and frameworks of Information Security/ Cybersecurity/ IT Risks;
  • Familiar with standards around IT and Information Security (NIST, COBIT, ITIL, ISO 27000 series, OpenGroup, etc.);
  • Experience in programming (Java, Python, etc.) and software configuration is an advantage;
  • Excellent knowledge of MS Office (Excel, Word, PowerPoint, Visio).
 

What we offer:

At KPMG, your long-term future is every bit as important to us as it is to you. That is why our aim is to give you experiences that will stay with you for a lifetime. Whether it is great training and development, the chance to move around the business or volunteering opportunities, you will gain a wealth of experiences on which to build a rewarding career. We are proud of our culture – it is one that recognizes hard work, encourages new ways of thinking and embraces diversity and inclusion. We also have an innovative spirit, which inspires what we do and how we do it – striving to be better lies at the heart of who we are. Additionally, we offer:

  • Excellent opportunities for career and professional growth
  • A wide range of training and development programs
  • Working as part of an experienced team on complex advisory projects for major Azerbaijani and multinational companies
  • Great professional team and friendly environment
  • Comfortable high-class office in Baku City
  • Health and life insurance

To apply for the vacancy please submit your CVs to hr@kpmg.az indicating the name of the vacancy in the subject of the letter.