Senior - IT Audit

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. 
KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment

KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term.

Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. 
 

• Conduct assessments of cyber security risk and controls across network security, application security, vulnerability management, and governance controls.
• Perform closure verification and issue validation for security findings, ensuring remediation aligns with risk reduction objectives.
• Evaluate vulnerability management programs, patch management processes, and threat intelligence integration.
• Review and test governance controls related to cyber security policies.
• Strong understanding of NIST frameworks (CSF, 800-53), ISO 27001, CIS Controls, and regulatory requirements.
• Technical expertise in network security, firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM tools, and endpoint security.
• Hands-on experience in application security, vulnerability management, patch management, and security monitoring.
• Strong knowledge of network protocols (TCP/IP, HTTP, SSL/TLS, DNS, VPN, etc.) and secure configurations.
• Familiarity with cloud security controls (AWS, Azure, GCP) and DevSecOps principles.
• Professional certifications such as CISA, CISSP, CISM, CRISC, CEH, or GIAC certifications (GCIH, GCFA, GPEN) are highly desirable.
• Stay up to date with emerging cyber threats, attack techniques, and regulatory requirements impacting security controls