Information Security Risk Analyst
KPMG
- Melbourne, VIC
- Permanent
- Full-time
- Immerse yourself in our inclusive, diverse and supportive culture
- Choose the way you want to work by embracing our flexible work arrangements
- Collaborate with sector and technical experts to grow your knowledge and network
- Identifying and Managing Risks: The analyst helps in identifying and managing cyber security and other technology and information risks. This involves performing threat assessments to identify potential risks to the business and determining the preventative controls in place.
- Enhancing Business Resilience: The analyst contributes to enhancing the organisation's business resilience by designing and implementing effective controls over technology assets. This helps in building the organisation's resilience and strengthening core controls to meet the challenges of technology and information risks.
- Compliance and Governance: The analyst assists the organisation in meeting its IT compliance and governance obligations in a way that enhances business objectives. This includes developing continuous assurance and monitoring capabilities to optimise the use of resources.
- Assess various domains and aspects of information security risk for KPMG Australia and develop recommendations for improvement
- Assess systems/solution/application architecture documents from a cyber security lens
- Assist, and at times lead, in providing information security reporting to local IT leadership and to regional and global leadership
- Assess risks and provide subject matter expertise associated with acquisitions, the onboarding of vendor solutions, technology, and services.
- Recommend and ensure security controls are proportionate to mitigate threats
- Lead initiatives to improve the security posture of the firm, increase efficiency, and/or find new ways to assess emerging technologies (such as AI, blockchain, quantum computing, and more)
- You actively seek out opportunities for growth, are comfortable challenging the status quo, and enjoy getting out of your comfort zone.
- You are passionate about the importance of fantastic communication to share ideas, inspire, and create change. You are able to digest, distil, and communicate complex concepts in both written and verbal forms.
- Knowledge of security standards and frameworks, such as ISO27001, NIST 800-53, Cloud Services, Risk Management, Security & Privacy Controls
- Knowledge of Cloud technologies and architectures (AWS and/or Azure)
- Knowledge of various application architectures
- Accreditation in one of the following would be advantageous: CISM, CRISC, CISSP, or other relevant certifications, such as those for AWS or Azure cloud technologies