KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients' needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you'll translate insights into action and reveal opportunities for all-our teams, our clients and our world.
Service Line Overview Information Technology Services (ITS) is a single, integrated service organization with global, national and practice-based components that work together to meet service expectations and deliver priority projects to KPMG China.
As a part of the Security Operations Centre ("SOC"), you will work with a team of SOC analysts to deliver professional cyber security services, which spans the full range of security monitoring, incident investigation, response and reporting, threat intelligent and vulnerability management, and other security analytics functions.
Key Responsibilities - Ensuring timely incident identification, assessment, containment, and recovery.
- Act as incident response lead for cyber security incidents when required and coordinate resources and teams across the firm to adequately respond to security threats.
- Develop and enhance incident response processes or playbooks.
- Provide cyber security guidance on operational topics such as security incident response, vulnerability management, data breach prevention, security alert monitoring, etc.
- Prompt response to latest cyber security news or vulnerability updates.
- Perform threat management, threat modelling, identify threat actors and develop security monitoring use cases.
- Measure SOC performance metrics - ensuring compliance to policies and SLA, process adherence and process optimization.
- Ensure compliance with internal standards, international standard like ISO27001 and regulatory requirements in China.
- Candidate with less experience will be considered as Assistant Manager
Experience & Background - Bachelor's degree, with a major in IT or other relevant disciplines.
- 5+ year experience in IT Security / SOC / incident detection and response field.
- 3+ year experience in a team management role.
- Holder of CISSP, CISM and/or CISA preferred.
- Proven experience in incident detection & response in multi-cloud and hybrid-cloud environments.
- Experience in data analytics, process automation, and application development will be an advantage.
- Proven experience in SIEM, SOAR and TIP tools, develop and enhance IR playbook, security solutions evaluation and recommendations.
- Technical knowledge of MITRE ATT&CK, Cyber Kill Chain, NIST.
- Experience with endpoint security products, firewall technologies, threat intelligence, penetration tests, information security principles and practices will be an advantage.
- Experience with China brand security vendors will be an advantage.
- Strong desire to develop and follow standards and procedures.
- Strong communication skills in both Chinese and English.
About KPMG
At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.
We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients to help them achieve their ESG goals. View Our Impact Plan to learn more about our ESG commitments and progress across four key pillars - Governance, People, Planet and Prosperity - and how we make a positive impact on our people, environment and society.
We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.
You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposed only. KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China's Online Privacy Statement and/or KPMG China Privacy Statement (collectively "Privacy Statement"). During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.
If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China's HR personnel in the location where your application is submitted.