Description:
KPMG's Cyber Defense Manager and Associate Director will be part of the Technology Risk and Cybersecurity team within our Risk Consulting practice, reporting directly to the Head of Technology Risk and Cyber. Cybersecurity is a key area of strategic investment and growth for KPMG. Our clients operate in an increasingly complex threat landscape and rely on us to help them understand and respond effectively to these risks.
Responsibilities:
- Lead and drive organizationwide security awareness programs to strengthen the security culture.
- Oversee the deployment, configuration and ongoing management of key security technologies (e.g., SIEM, IDS/IPS, EDR and related tooling).
- Lead the planning, design, implementation, testing and operations of cybersecurity processes, controls and systems.
- Enhance and mature Cyber Defense and Offensive Security service offerings through process optimization and improved crossteam collaboration.
- Develop nextgeneration threat detection capabilities leveraging machine learning, artificial intelligence and advanced analytics.
- Represent the firm's methodologies and thought leadership in internal training, client meeting and external industry events.
- Perform malware reverse engineering to support threat intelligence and incident response functions.
- Manage the Cyber Defense service line, covering vulnerability scanning, application security assessments, enterprise vulnerability evaluations, social engineering exercises, physical security testing, web application assessments, remediation tracking and penetration testing engagements.
- Define and maintain policies, standards and methodologies for vulnerability assessments and penetration testing in alignment with organizational mission and industry best practices.
- Provide clients with actionable remediation plans, prioritized recommendations and securityimprovement roadmaps.
- Prepare client proposal documents, including solution designs, pricing sheets and technical presentations in response to RFPs/RFIs.
- Provide expert guidance on security architecture for threat detection and response platforms used within SOC and fusion center environments.
- Demonstrate strong knowledge of BNM RMiT (June 2023), NIST Cybersecurity Framework, ISO 27001:2022, Securities Commission Malaysia GTRM and other applicable regulatory and industry standards.
- Execute offensive security engagements and redteam operations, simulating adversarial Tactics, Techniques and Procedures (TTPs).
- Collaborate with security governance, risk and compliance teams to ensure vulnerability scanning and assessment activities align with internal controls and regulatory requirements.
Requirements:
- Bachelor's degree in Engineering (B.E./B.Tech) or an equivalent technical qualification.
- Excellent communication and strong project management capabilities.
- Deep expertise in Vulnerability Management tools such as Qualys, Nessus, Rapid7, NetSparker/Acunetix, ZAP, Veracode, Kali Linux, BurpSuite, Nikto and related platforms.
- Outstanding interpersonal skills with proven ability to build teams, mentor colleagues and lead effectively.
- Demonstrated success in earning the trust and confidence of senior-level stakeholders.
- Ability to thrive in a fastpaced, resultsdriven environment, quickly adapt to new technologies, and contribute efficiently.
- Willingness and ability to travel as required.
- The role requires the following professional certifications:
- Offensive Security Certified Professional (OSCP)
- Offensive Security Wireless Professional (OSWP)
- Council for Registered Ethical Security Testers (CREST)
- Certified Ethical Hacker (CEH)
- CREST Certified Malware Reverse Engineer (CCMRE)
- Computer Hacking Forensic Investigator (CHFI)
- General information security certifications such as CISSP, CISM, GIAC, or equivalent.
- 810 years of relevant industry experience.
#LI-SB1
