Sr. Associate, Cyber Security

Job Description

KPMG is currently seeking a Sr. Associate, Cyber security to join its growing organization

Responsibilities:

• Analyze complex enterprise information security programs and infrastructure for State & Local government environments.
• Assist with assessments of clients’ IT and security processes, risk, controls and compliance against leading practices, industry, and/or client frameworks, and assess capability, maturity, identify gaps in design and execution and communicate issues and recommendations to engagement leads and client senior management.
• Work with client senior management to develop a cybersecurity improvement strategy and roadmap to improve maturity and reduce risk.
• Work with client senior management to assess, design and implement stainable solutions including GRC tools, operating processes and people models to address key and evolving risks.
• Interface with client executives and hands-on technology practitioners to bring meaningful, strategic change in the areas of information protection, data security and privacy, security operations and business continuity.
• Articulate business risks of technical vulnerabilities and identify and communicate findings to client personnel.
• Analyze processes, documentation, and workflows through interviews with staff performing security related duties, develop gap analysis and identify and prioritize security process improvements based on current risk of components adding professional insight.
• Assist clients in the development of cybersecurity procedures and processes that align with leading practices.
• Analyze cybersecurity incident response capabilities, playbooks and documentation and work with client staff to implement sustainable improvements. Facilitate table-top exercises and work with client staff to develop a plan for remediation and improvements.

Qualifications:

• A minimum of three years in the field of cybersecurity and information risk management.
• Bachelor's degree from an accredited college/university in an appropriate field
• Working knowledge of NIST Cybersecurity Framework (CSF) NIST 800-53, NIST 800-144, NIST 800-61, FIPS 199 and the Cybersecurity Maturity Model
• Familiarity with compliance frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA and HITRUST
• Experience writing policies, procedures and controls in one or more standards/framework
• Cybersecurity related certification (e.g. CISSP, CEH, CISM, CISA, GIAC, GSEC,) preferred
• Excellent written and verbal communication, facilitation, leadership and presentation skills.
• Ability to travel when travel resumes.