Total 7 research associate job vacancies in Legal / Public / Security category in The United States of America

At KPMG, your long-term future is every bit as important to us as it is to you. That’s why our aim is to give you experiences that will stay with you for a lifetime. Whether it’s great training and development, working across functional sectors, mobility opportunities or corporate responsibility volunteering activities – you’ll gain a wealth of experiences on which to build a rewarding career. We’re proud of our culture – it’s one that recognises hard work, encourages new ways of thinking and embraces diversity and inclusion. We have an innovative spirit which inspires what we do and how we do it – striving to be better lies at the heart of who we are.

Technology underpins many of the most influential organisations in the world and presents opportunities for businesses that want to seek out new markets and are prepared to invest in transformational change. The last ten years have seen a rapid emergence of new technology, greater connectivity for organisations and individuals, and a 24/7 approach to global commerce. However, this has left many organisations behind the curve and struggling to achieve their business aspirations without feeling exposed to risks. We believe that by turning traditional thinking on its head, adopting a positive approach to managing risk, will set organisations free to achieve their business aspirations.

KPMG Cybersecurity professionals assist clients to address their concerns around Confidentiality, Integrity, Availability and Privacy of their technology, business systems, and information assets. Using a holistic view of how Technology and Business integrate, the Cyber team performs technology-risk focused assessments, technology compliance, IT/operational process reviews, and design of information risk & cyber security solutions.

Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.

The role involves:

• Identify and resolve complex issues and develop innovative solutions for high profile clients on a variety of local and international engagements
• Implementation of IT solutions for use cases such as Access control, Process control, Risk management, Compliance Management, Third party vendor risk management.
• Pre/Post implementation review for large IT projects.
• Actively identify and support business development opportunities which includes supporting the team with sales activities such as proposal writing and client presentations
• Coach and develop team members as part of the firm’s overall Performance Management process or on specific engagements
  

The ideal candidate should possess:

• Degree in technology, engineering, or business studies with information systems major/minor along with deep interest in technology risk, security and IT governance will be considered
• Minimum 3 years of consulting experience in IT risk assessment or IT security
• Good knowledge on new developments in cyber services capabilities and industry knowledge
• Good working knowledge of information security principles, techniques and standards
• Professional certifications such as CISSP, CRISC, CISA, CISM, PMP or other relevant qualifications
• Driven to learn new things and share knowledge with your clients and colleagues
• Ability to travel on regional and international assignments (occasionally)
• Strong analytical, problem-solving and interpersonal skills
• Excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences

Only shortlisted candidates will be contacted by KPMG Talent Acquisition team, personal data collected will be used for recruitment purposes only.

At KPMG in Singapore we are committed to creating a diverse and inclusive workplace. We believe that diversity of thought, background and experience strengthens relationships and delivers meaningful benefits to our people, our clients and communities. As an equal opportunity employer, all qualified applicants will receive consideration for employment regardless of age, race, gender identity or expression, colour, marital status, religion, sexual orientation, disability, or other non-merit factors. We celebrate the different talents that our people bring and support every staff member in their journey to achieve personal and professional growth. One of the ways we do this is through Take Charge: Flexi-work, our flexible working framework which enables agile and innovative teams to help deliver our business goals.

KPMG has established a strong cybersecurity consulting practice servicing clients from a wide array of sectors including energy, water, oil & gas, maritime, aviation, healthcare, transportation or telecommunications. Many of our clients own or operate critical infrastructure in Singapore and across the Asia Pacific region, providing essential resources and services to people in their daily lives. Cybersecurity has a big part to play in keeping cyber threats away and minimising risk of disruption to our way of life.

Cybersecurity in Operational Technology (OT) is a challenging but fulfilling field. One challenging aspect of this field is that it sits in intersection of two disciplines that usually do not intersect. Cybersecurity has its origins in Information Technology (IT), while OT system and Industrial Internet of Things (IIoT) are used by engineers to control and monitor physical processes. Professionals with expertise in both disciplines are rare. OT security is also a fulfilling field because we have been tasked by our clients to solve a broad range of issues including regulatory compliance, cyber risk assessments, penetration testing, red teaming, incident response and more. We have been successful in delivering quality services to our clients because of our ability to constantly evolve and the teamwork between a good blend of our cybersecurity and engineering professionals.

Job Responsibilities:

You will be responsible and/or if supervising others for the following:

• Performing risk assessment or threat modelling for variety of industry control system, on-prem IT and cloud systems.
• Digesting sizable amounts of information about complex systems by using your technical grounding in IT, OT/IIoT, engineering or cloud computing (e.g network architecture, firewall rules and etc) to assemble an accurate understanding of the system.
• Analysing and identifying the cybersecurity risks associated to them e.g. how an attack might get into a network and cause disruption to operations or cause a dangerous situation in which safety might be compromised;
• Work closely with our clients in gathering information, providing clarification, and managing expectations on the task we are required to perform.
• Providing security recommendations and improvement to the client in the current practices while considering impact to their operations and concerns.
• Performing other assessment/review for clients including system/network architecture reviews and reviewing actual practices in OT/IT systems against regulatory requirements e.g. the Cybersecurity Code of Practice (CCOP) for critical information infrastructure.
• Working in a project team and closely guided by the experience team member
• Working closely with subject matter experts in a wide range of cyber security services to delivered to our clients (e.g. managing projects involving penetration testing or red teaming exercises to an owner/operator of a critical infrastructure).

The ideal candidate should possess:

• Bachelor’s degree in Cybersecurity/ Information Security/ Engineering/ Computer Science OR Information Technology equivalent
• Minimum 3-5 years relevant experience is recommended.
• Experienced cybersecurity professionals with keen interest or already with experience in OT/IIoT; OR
• Experienced SCADA or DCS engineers with relevant skills/experience/aptitude to further development in the field of cybersecurity; OR
• Experienced Internet of Things (IoT) developers/testers with relevant skills/experience/aptitude to further development in the field of cybersecurity;
• Certifications in cybersecurity e.g. CISSP, CISM etc might be advantageous;
• Certifications in OT cybersecurity e.g. GICSP, GRID, IEC62443 might be advantageous;
• Committed to continuously learn and develop oneself in a fast-expanding field.
• Aptitude of consulting including managing oneself, projects and clients.
• Able to think logically and communicate clearly.
• Effective interpersonal skills and able to work well in a team.
• Good presentation skills might be advantageous.

The Cloud Security Specialist role is within the Cyber security department of KPMG. The Cloud Security Specialist will help KPMG’s clients to define systems security architectures using various cloud security technologies with a focus on AWS, MS, GCP suite of products.

The Cloud Security Specialist will be required to support business initiatives around cloud security through development in sales and/or technical pre-sales capacity, and providing specialist support to cyber security engagements where required.

The tasks include:

• Support client partners with identifying Cloud Security opportunities.
• Perform the role of sales and/or pre-sales lead for taking KPMG Cloud Security offerings to clients, manage client discussions and preparing commercial proposals.
• Build and manage technology alliance partners to drive new business opportunities and have a good understanding of alliance partner programs available for leverage.
• Drive client outreach initiatives/events for lead generation and build top-of-brand awareness.
• Connect with KPMG ASPAC Cyber network to drive new business opportunities with KPMG SG as Centre of Excellence for Cloud Security.
• Drive training enablement for technology alliance.
• Manage opportunity pipeline, risk management process and engagement contracting.
• Deliver sales commitments to be discussed and agreed with line partner
• Collecting security and functional requirements from clients and turning those into a solution architecture – high level design and low-level design.
• Act as subject matter expert on cloud security technologies, particularly on MS, AWS, GCP and 3rd party tools.
• Implement - configure cloud security technologies.
• Provide specialist support to cyber security engagements where required.

Job Requirements:

• Minimum 10 years of experience in supporting sales and/or technical pre-sales for Cloud Security
• Strong IT background in systems architecture, systems security, systems management and systems administration (minimum 8 years of relevant working experience in related industry)
• Experience in designing target system security architectures for cloud and hybrid systems
• Intermediate and/or advance certifications relating to MS, AWS and GCP
• Strong client and project management abilities coupled with excellent communication, written, analytical, organisational and problem-solving skills

KPMG Cybersecurity professionals assist clients to address their concerns around Confidentiality, Integrity, Availability and Privacy of their technology, business systems, and information assets. Using a holistic view of how Technology and Business integrate, the Cyber team performs technology-risk focused assessments, technology compliance, IT/operational process reviews, and design of information risk & cyber security solutions.

To join a growing team to assist clients with managing one or more of the following areas:

• Ethical Hacking – this discipline covers vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing.
• Cybersecurity Risk & Governance – this discipline covers designing and implementing Cybersecurity frameworks; Cyber maturity assessments; organisational design for Cyber Security; Cloud security; design and rollout of cyber security processes such as Incident Management, Intrusion Detection, and Security Monitoring.
• Technology Risk and 3rd Party Cyber Risk – this discipline covers IT-Business related consulting over how an organisation manages technology risk and governs its outsourcing. This involves review, re-design and implementation controls over the 3rd party organisation’s IT environment. Topics include system development, project management, business or IT outsourcing, business continuity management, information security, incident management, user access management.
• Cyber Business Continuity, Disaster Recovery & Crisis Management – this discipline covers building business and technology resilience against cyber-attacks. Creating and testing Cyber Incident Response Plans around typical cyber-attack scenarios. Taking regulatory requirements around BCM and Crisis management and international standards based consulting.
• Governance Risk and Compliance (GRC) - This discipline covers implementation of IT solutions for use cases such as Access control, Process control, Risk management, Compliance Management, Third party vendor risk management. This discipline also covers the area such as Pre/Post implementation review for large IT projects.

Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.

The role involves:

• Identify and resolve complex issues and develop innovative solutions for high profile clients on a variety of local and international engagements
• Actively identify and support business development opportunities which includes supporting the team with sales activities such as proposal writing and client presentations
• Coach and develop team members as part of the firm’s overall Performance Management process or on specific engagements
  

The ideal candidate should possess:

• Degree in technology, engineering, or business studies with information systems major/minor along with deep interest in technology risk, security and IT governance will be considered
• Minimum 3 years of consulting experience in IT risk assessment or IT security
• Good knowledge on new developments in cyber services capabilities and industry knowledge
• Good working knowledge of information security principles, techniques and standards
• Professional certifications such as CISSP, CRISC, CISA, CISM, PMP or other relevant qualifications
• Driven to learn new things and share knowledge with your clients and colleagues
• Strong analytical, problem-solving and interpersonal skills
• Excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences

Only shortlisted candidates will be contacted by KPMG Talent Acquisition team, personal data collected will be used for recruitment purposes only.

At KPMG in Singapore we are committed to creating a diverse and inclusive workplace. We believe that diversity of thought, background and experience strengthens relationships and delivers meaningful benefits to our people, our clients and communities. As an equal opportunity employer, all qualified applicants will receive consideration for employment regardless of age, race, gender identity or expression, colour, marital status, religion, sexual orientation, disability, or other non-merit factors. We celebrate the different talents that our people bring and support every staff member in their journey to achieve personal and professional growth. One of the ways we do this is through Take Charge: Flexi-work, our flexible working framework which enables agile and innovative teams to help deliver our business goals.

We are seeking a highly skilled and motivated risk-oriented Cloud Security person to join our team. The ideal candidate will have a strong background in cloud security, risk assessment, and compliance, with a focus on identifying and mitigating security risks associated with our cloud-based services and infrastructure.

This role requires expertise in cloud platforms, security best practices, and the ability to work collaboratively with cross-functional teams to safeguard our cloud environment.

Job Requirement:

• Cloud Security Architecture: Design and maintain a secure cloud architecture, including access controls, network security, and encryption mechanisms. Ensure adherence to industry best practices and compliance standards.
• Designing and implementing security controls: Design and implement security controls to protect cloud-based systems from cyber threats and work with other IT teams to identify potential vulnerabilities and develop strategies to mitigate them.
• Risk Assessment: Conduct comprehensive risk assessments of our cloud environment, including infrastructure, applications, and data repositories. Identify potential security vulnerabilities and threats.
• Risk Mitigation: Develop and implement risk mitigation strategies to address identified vulnerabilities and threats. Collaborate with cross-functional teams to remediate security issues.
• Compliance: Ensure cloud security compliance with relevant regulations, standards (e.g., ISO 27001, NIST, CIS), and internal policies. Conduct regular compliance checks and assessments.
• Integrating security into the DevOps process: Integrates security into the DevOps process by working with developers to ensure that security is built into the software development lifecycle. Incorporate testing technologies such as static code analysis, dynamic code analysis, and penetration testing into DevOps process to identify potential vulnerabilities and develop strategies to mitigate them.
• Automating security testing: Automate security testing to ensure that security is integrated into the continuous integration and continuous deployment (CI/CD) pipeline. Manage solutions like Azure Security Center, Azure Sentinel, and Azure Defender to automate security testing and provide real-time threat intelligence.
• Security Audits and Reviews: Participate in security audits and reviews of cloud infrastructure and services. Address audit findings and recommendations.
• Security Monitoring: Manage security monitoring tools and systems to detect and respond to security incidents in real-time. Develop incident response plans and lead incident response efforts when necessary.
• Security Documentation: Maintain comprehensive documentation of security policies, procedures, and configurations. Keep documentation up-to-date and accessible to relevant stakeholders.
• Collaboration: Collaborate with cross-functional teams, including DevOps, IT, and development teams, to integrate security into the software development lifecycle (SDLC) and cloud deployment processes.
• Incident Response: Participate in incident response activities, including root cause analysis, post-incident reports, and continuous improvement of security measures.
• Security Awareness: Promote security awareness and best practices among team members and end-users. Provide training and resources to enhance security awareness.

Qualifications:

• Bachelor's degree in computer science, information security, or a related field.
• At least 6 years of proven experience in cloud security, including expertise in Microsoft Azure Cloud Platform.
• Prefer Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Azure Solutions Architect Expert, Microsoft Cybersecurity Architect Expert Security or other relevant.
• Strong knowledge of security frameworks, standards, and regulations (e.g., ISO27017, NIST, CIS, GDPR, HIPAA).
• Experience with security tools and technologies such as SIEM, IDS/IPS, firewalls, and endpoint security.
• Knowledge of threat modeling, risk assessment methodologies, and security risk management.
• Excellent problem-solving and analytical skills.
• Effective communication skills and the ability to collaborate with cross-functional teams.
• Strong attention to detail and a proactive approach to security.

Only shortlisted candidates will be contacted by KPMG Talent Acquisition team, personal data collected will be used for recruitment purposes only.

At KPMG in Singapore we are committed to creating a diverse and inclusive workplace. We believe that diversity of thought, background and experience strengthens relationships and delivers meaningful benefits to our people, our clients and communities. As an equal opportunity employer, all qualified applicants will receive consideration for employment regardless of age, race, gender identity or expression, colour, marital status, religion, sexual orientation, disability, or other non-merit factors. We celebrate the different talents that our people bring and support every staff member in their journey to achieve personal and professional growth. One of the ways we do this is through Take Charge: Flexi-work, our flexible working framework which enables agile and innovative teams to help deliver our business goals.

KPMG Cybersecurity professionals assist clients to address their concerns around Confidentiality, Integrity, Availability and Privacy of their technology, business systems, and information assets. Using a holistic view of how Technology and Business integrate, the Cyber team performs technology-risk focused assessments, technology compliance, IT/operational process reviews, and design of information risk & cyber security solutions.

To join a growing team to assist clients with managing one or more of the following areas:

• Ethical Hacking – this discipline covers vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing.
• Cybersecurity Risk & Governance – this discipline covers designing and implementing Cybersecurity frameworks; Cyber maturity assessments; organisational design for Cyber Security; Cloud security; design and rollout of cyber security processes such as Incident Management, Intrusion Detection, and Security Monitoring.
• Technology Risk and 3rd Party Cyber Risk – this discipline covers IT-Business related consulting over how an organisation manages technology risk and governs its outsourcing. This involves review, re-design and implementation controls over the 3rd party organisation’s IT environment. Topics include system development, project management, business or IT outsourcing, business continuity management, information security, incident management, user access management.
• Cyber Business Continuity, Disaster Recovery & Crisis Management – this discipline covers building business and technology resilience against cyber-attacks. Creating and testing Cyber Incident Response Plans around typical cyber-attack scenarios. Taking regulatory requirements around BCM and Crisis management and international standards based consulting.
• Governance Risk and Compliance (GRC) - This discipline covers implementation of IT solutions for use cases such as Access control, Process control, Risk management, Compliance Management, Third party vendor risk management. This discipline also covers the area such as Pre/Post implementation review for large IT projects.

Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.

The role involves:

• Identify and resolve complex issues and develop innovative solutions for high profile clients on a variety of local and international engagements
• Actively identify and support business development opportunities which includes supporting the team with sales activities such as proposal writing and client presentations
• Coach and develop team members as part of the firm’s overall Performance Management process or on specific engagements
  

The ideal candidate should possess:

• Degree in technology, engineering, or business studies with information systems major/minor along with deep interest in technology risk, security and IT governance will be considered
• Minimum 3 years of consulting experience in IT risk assessment or IT security
• Good knowledge on new developments in cyber services capabilities and industry knowledge
• Good working knowledge of information security principles, techniques and standards
• Professional certifications such as CISSP, CRISC, CISA, CISM, PMP or other relevant qualifications
• Driven to learn new things and share knowledge with your clients and colleagues
• Strong analytical, problem-solving and interpersonal skills
• Excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences

Only shortlisted candidates will be contacted by KPMG Talent Acquisition team, personal data collected will be used for recruitment purposes only.

At KPMG in Singapore we are committed to creating a diverse and inclusive workplace. We believe that diversity of thought, background and experience strengthens relationships and delivers meaningful benefits to our people, our clients and communities. As an equal opportunity employer, all qualified applicants will receive consideration for employment regardless of age, race, gender identity or expression, colour, marital status, religion, sexual orientation, disability, or other non-merit factors. We celebrate the different talents that our people bring and support every staff member in their journey to achieve personal and professional growth. One of the ways we do this is through Take Charge: Flexi-work, our flexible working framework which enables agile and innovative teams to help deliver our business goals.

At KPMG, your long-term future is every bit as important to us as it is to you. That’s why our aim is to give you experiences that will stay with you for a lifetime. Whether it’s great training and development, working across functional sectors, mobility opportunities or corporate responsibility volunteering activities – you’ll gain a wealth of experiences on which to build a rewarding career. We’re proud of our culture – it’s one that recognizes hard work, encourages new ways of thinking and embraces diversity and inclusion. We have an innovative spirit which inspires what we do and how we do it – striving to be better lies at the heart of who we are.

We believe that by turning traditional thinking on its head, adopting a positive approach to managing risk, will set organisations free to achieve their business aspirations.

KPMG Cybersecurity professionals assist clients to address their concerns around Confidentiality, Integrity, Availability and Privacy of their technology, business systems, and information assets. Using a holistic view of how Technology and Business integrate, the Cyber team performs technology-risk focused assessments, technology compliance, IT/operational process reviews, and design of information risk & cyber security solutions.

To join a growing team to assist clients with managing one or more of the following areas:

• Ethical Hacking – this discipline covers vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing.
• Cybersecurity Risk & Governance – this discipline covers designing and implementing Cybersecurity frameworks; Cyber maturity assessments; organisational design for Cyber Security; Cloud security; design and rollout of cyber security processes such as Incident Management, Intrusion Detection, and Security Monitoring.
• Technology Risk and 3rd Party Cyber Risk – this discipline covers IT-Business related consulting over how an organisation manages technology risk and governs its outsourcing. This involves review, re-design and implementation controls over the 3rd party organisation’s IT environment. Topics include system development, project management, business or IT outsourcing, business continuity management, information security, incident management, user access management.
• Cyber Business Continuity, Disaster Recovery & Crisis Management – this discipline covers building business and technology resilience against cyber-attacks. Creating and testing Cyber Incident Response Plans around typical cyber-attack scenarios. Taking regulatory requirements around BCM and Crisis management and international standards based consulting.
• Governance Risk and Compliance (GRC) - This discipline covers implementation of IT solutions for use cases such as Access control, Process control, Risk management, Compliance Management, Third party vendor risk management. This discipline also covers the area such as Pre/Post implementation review for large IT projects.

The role involves:

• Identify and resolve complex issues and develop innovative solutions for high profile clients on a variety of local and international engagements
• Actively identify and support business development opportunities which includes supporting the team with sales activities such as proposal writing and client presentations
• Coach and develop team members as part of the firm’s overall Performance Management process or on specific engagements

The ideal candidate should possess:

• Minimum 8 years in the cybersecurity industry and possesses industry recognised certifications (e.g. CISSP, OSCP, OSWE, CREST, CRTP)
• Passionate and able to demonstrate strong interest in the field of cyber security, in particular technical assessments/reviews
• Experienced and well versed in security testing domains. For example, red teaming and threat intelligence, web/network/mobile/cloud/thick client vulnerability assessments and penetration testing
• Experienced and demonstrates strong understanding and capability to lead/execute red teaming engagements encompassing intel-led approach, from planning to execution of red team exercises, create/develop/implement TTPs based on profiles of specific threat actors against industry frameworks and best practices, and to exercise closure.
• Ability to lead, manage, oversee cyber multiple engagements across multi security testing disciplines independently and cohesively with the engagement team
• Able to demonstrate strong project management skills in areas such as meeting requirements, budgeting/RFP, timelines, documentations, overseeing risk management aspects in a project lifecycle
• Possesses strong understanding of IT risks and its business context/impact
• Possesses excellent written and communication skills to translate and communicate with C-Suite clients, direct reports and team members
• Self-driven, possesses strong desire to learn and identify new technologies and services, and willingness to share knowledge with the team

Only shortlisted candidates will be contacted by KPMG Talent Acquisition team, personal data collected will be used for recruitment purposes only.

At KPMG in Singapore we are committed to creating a diverse and inclusive workplace. We believe that diversity of thought, background and experience strengthens relationships and delivers meaningful benefits to our people, our clients and communities. As an equal opportunity employer, all qualified applicants will receive consideration for employment regardless of age, race, gender identity or expression, colour, marital status, religion, sexual orientation, disability, or other non-merit factors. We celebrate the different talents that our people bring and support every staff member in their journey to achieve personal and professional growth. One of the ways we do this is through Take Charge: Flexi-work, our flexible working framework which enables agile and innovative teams to help deliver our business goals.