Hiring: TPRM and Information Security Professionals
**Location:** Bengaluru, India
**Company:** KPMG India
**Position Overview:**
KPMG India is actively seeking experienced professionals in Third-Party Risk Management (TPRM) and Information Security for multiple roles in Bengaluru. If you have a strong background in cybersecurity, data privacy, software supply chain security, or cloud security, this could be the opportunity you’re looking for! As part of the TPRM and Information Security team, you will be instrumental in assessing, managing, and mitigating risks associated with third parties and ensuring robust information security practices across our engagements.
**Why Join KPMG India?**
KPMG is a global leader in audit, tax, and advisory services, known for helping organizations improve their risk management, governance, and compliance. Working with KPMG means you’ll have access to a collaborative environment that fosters professional growth, provides training on the latest tools and techniques in TPRM and information security, and offers the chance to work with leading industry experts.
**Responsibilities:**
As a TPRM and Information Security Professional, your role will involve:
1. **Risk Assessments:** Conduct thorough risk assessments of third parties, suppliers, and vendors to identify potential security vulnerabilities. Evaluate these parties based on various parameters, including information security posture, regulatory compliance, data protection policies, and cloud security standards.
2. **Cybersecurity and Data Privacy Management:** Collaborate with internal and external stakeholders to ensure compliance with data privacy and cybersecurity requirements. Develop and implement security controls that mitigate risks related to sensitive data handling and storage.
3. **Vendor/Supplier Risk Management:** Actively engage in assessing the risk profile of new and existing vendors and suppliers, including performing due diligence. This includes analyzing contractual agreements, identifying red flags, and suggesting mitigations for identified risks.
4. **Software Supply Chain Security:** Work with relevant stakeholders to secure the software supply chain by assessing third-party software providers and their development practices. Ensure that software obtained from third-party vendors meets established security standards and minimizes risks from software vulnerabilities.
5. **Cloud Security Controls:** Ensure third parties and suppliers implement adequate cloud security measures if they manage sensitive data in the cloud. Evaluate cloud service providers’ compliance with industry standards (e.g., SOC 2, ISO 27001, GDPR) and help mitigate risks associated with cloud security.
6. **Regulatory and Compliance Monitoring:** Stay updated with relevant regulations and industry standards related to data privacy, cybersecurity, and vendor risk management. Support compliance with frameworks such as GDPR, HIPAA, SOC, and ISO standards. Ensure third-party practices align with KPMG’s internal policies and regulatory requirements.
7. **Incident Response Support:** Contribute to incident response activities involving third-party-related security incidents. Provide support in investigating, containing, and remediating security incidents that arise from third-party involvement.
8. **Collaborative Engagement:** Collaborate closely with internal stakeholders, including IT, legal, procurement, and compliance teams, to align third-party security practices with overall organizational policies and strategies.
9. **Reporting and Documentation:** Prepare detailed reports on third-party risk assessments, outlining key findings, risk exposure, and recommended remediation steps. Ensure all documentation is complete and complies with audit standards, creating a clear audit trail.
10. **Continuous Improvement:** Continuously monitor emerging trends in TPRM and cybersecurity. Recommend and implement best practices and process improvements to enhance KPMG’s third-party risk management and security program.
**Required Experience and Qualifications:**
– **Experience:** 2–8 years of hands-on experience in cybersecurity, data privacy, software supply chain security, cloud security, or risk assessments. Experience in vendor, supplier, or third-party risk management is essential.
– **Education:** Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Certifications like CISA, CISSP, CISM, or CRISC are a plus.
– **Technical Skills:** Knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001, SOC 2) is crucial. Proficiency in using GRC tools, cybersecurity frameworks, and other assessment tools is preferred.
– **Analytical Skills:** Strong analytical and problem-solving skills are essential for conducting effective risk assessments and identifying vulnerabilities in third-party systems.
– **Communication Skills:** Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner. Strong interpersonal skills to foster collaborative relationships with internal teams and third parties.
**Preferred Attributes:**
– Detail-oriented with a proactive approach to identifying and mitigating potential security risks.
– Ability to work under pressure and manage multiple priorities.
– A commitment to staying up-to-date with the latest in cybersecurity trends, threats, and best practices.
– Strong organizational skills to manage documentation and reporting requirements effectively.
**Benefits of Working at KPMG India:**
– Competitive salary with performance-based incentives.
– Opportunities for continuous learning and professional development, including access to certifications and training programs.
– Exposure to diverse projects and clients across various industries.
– Collaborative work environment with mentorship from industry leaders.
– Comprehensive health and wellness benefits.
**Application Process:**
If you meet the experience and qualifications outlined above, we encourage you to apply. KPMG is an equal opportunity employer, committed to fostering an inclusive and diverse work environment.
**How to Apply:**
To apply, please send your updated resume to muditsrivastav@kpmg.com with the subject line: “Application for TPRM and Information Security Professional – [Your Name].”
Be part of a world-class team that’s committed to safeguarding information and managing third-party risks. Apply today to join KPMG India in building a secure, resilient, and compliant organization!