Vulnerability Management - Qualys

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. 

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

—  Implement, operate and manage the vulnerability management program.
— Ensure scans are performed according to policies and scan frequencies.
— Perform testing and vulnerability assessment using automated (commercial, open source) tools and manual techniques.
— Host and database assessment and security configuration review. Perform security configuration analysis for various operating systems (e.g. Unix, MS windows and other network devices)
— Network security architecture design review.
— Review and analyze security vulnerability data to identify applicability and false positives.
— Research and develop testing tools, techniques, and process improvements.
— Conduct technical security/risk assessment and information security projects.
— Identify and exploit technical vulnerabilities in systems, assess business risks to the technical vulnerabilities and communicate to relevant customers/staff
— Administer the vulnerability Response System (VRP), and update it with new vulnerabilities and assign to relevant IT groups for assessment and possible fixes
— Coordinate internal and third-party vulnerability assessments. Provide results to the appropriate technical teams and management.
— Have a thorough understanding of technological requirements for KPMG systems and provide guidelines to effectively mitigate security risks.
— Respond timely to ServiceNow tickets as needed
— Keep open lines of communication within the team and collaborate with group members.
— Report and escalate risk and key metrics. Effectively communicate security risk identified from assessments or monitoring to ensure appropriate implementation of security controls.
— Respond appropriately to cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody.
— Have experience on Risk-Based vulnerability management and prioritization tools like Kenna