Information Security & Cyber Risk - Senior - Bangalore

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. 

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

• Conduct threat modeling and risk assessments to evaluate potential security risks associated with the organization.
• Provide guidance on risk remediation strategies and the implementation of countermeasures to address identified security risks.
• Ensure GDPR & PCI-DSS compliance across all areas of the organization.
• Work with the development team to ensure compliance with SDLC lifecycle and secure coding practices.
• Lead encryption efforts and disable deprecated protocols to maintain data security while in transit or at rest.
• Incorporate NIST framework into the organization's security practices and stay up-to-date with the latest controls.
• Review penetration testing reports, static and dynamic application security testing results, SaaS platforms, Azure Defender reports, and third-party application integration risks to identify vulnerabilities and evaluate overall security posture.
• Provide expertise in security and network architecture and design.
• Create comprehensive data flow diagrams to identify potential threats and identify areas for improvement.
• Evaluate cloud security posture and provide recommendations to enhance overall security.
• Continuously identify potential flaws in the entire architecture and implement security controls and practices to prevent future breaches.