Consulting, Cyber Operational Technology, Graduate Associate 2026

Job Description

At KPMG, your long-term future is every bit as important to us as it is to you. That’s why our aim is to give you experiences that will stay with you for a lifetime. Whether it’s great training and development, working across functional sectors, mobility opportunities or corporate responsibility volunteering activities – you’ll gain a wealth of experiences on which to build a rewarding career. We’re proud of our culture – it’s one that recognises hard work, encourages new ways of thinking and embraces diversity and inclusion. We have an innovative spirit which inspires what we do and how we do it – striving to be better lies at the heart of who we are. 

Technology underpins many of the most influential organisations in the world and presents opportunities for businesses that want to seek out new markets and are prepared to invest in transformational change. The last ten years have seen a rapid emergence of new technology, greater connectivity for organisations and individuals, and a 24/7 approach to global commerce. However, this has left many organisations behind the curve and struggling to achieve their business aspirations without feeling exposed to risks. 

We believe that by turning traditional thinking on its head, adopting a positive approach to managing risk, will set organisations free to achieve their business aspirations. 

KPMG Cybersecurity professionals assist clients to address their concerns around Confidentiality, Integrity, Availability and Privacy of their technology, business systems, and information assets. Using a holistic view of how Technology and Business integrate, the Cyber team performs technology-risk focused assessments, technology compliance, IT/operational process reviews, and design of information risk & cyber security solutions. 

We are looking for candidates to join a growing team to assist clients in the following area: 

Cybersecurity in Operational Technology (OT) is a challenging but fulfilling field. One challenging aspect of this field is that it sits in intersection of two disciplines that usually do not intersect. Cybersecurity has its origins in Information Technology (IT), while OT system and Industrial Internet of Things (IIoT) are used by engineers to control and monitor physical processes. Professionals with expertise in both disciplines are rare. OT security is also a fulfilling field because we have been tasked by our clients to solve a broad range of issues including regulatory compliance, cyber risk assessments, penetration testing, red teaming, incident response and more. We have been successful in delivering quality services to our clients because of our ability to constantly evolve and the teamwork between a good blend of our cybersecurity and engineering professionals. 

⠀

The role involves:

• Most of your talent will be put to use in performing risk assessment or threat modelling for a variety of industry control systems, on-prem IT systems and those deployed on the cloud.
• Using your technical grounding in IT or OT/IIoT or Engineering or Cloud Computing, you will be tasked to digest sizeable amounts of information about complex systems (e.g. their network architecture, firewall rules etc) to assemble an accurate understanding of those systems and their parts;
• With a clear understanding of those systems, you will analyse and identify the cybersecurity risks associated to them e.g. how an attack might get into a network and cause disruption to operations or cause a dangerous situation in which safety might be compromised;
• You will interact with our clients to obtain information or clarifications, manage their expectations, provide clear explanations about your work;
• In many cases, you might provide recommendations that might improve the client’s security posture but at the same, introduce change to their environment and current practices;
• In a similar fashion, you might be performing other assessment for different purposes e.g. in a compliance audit, you might be identify gaps between regulatory requirements and what is practiced in an OT or IT system;
• You will be working mostly project teams and supervised by more experienced members of the team e.g. Assistant Managers and Managers;
• Other than risk assessments, you will be part take in delivering a wide range of services to our clients;
You will also work with subject matter experts in different areas of cybersecurity to deliver work to our clients e.g. you might work with our penetration testing team to deliver red teaming exercises to an owner/operator of a critical infrastructure.

The ideal candidate should possess:

• Degree in Cybersecurity / Information Security; OR
• Degree in Engineering with relevant skills / experience / aptitude to further development in the field of cybersecurity; OR
• Degree in Computer Science / IT with relevant skills / experience / aptitude to further development in the field of cybersecurity; OR
• Experienced cybersecurity professionals with keen interest in OT/IIoT; OR
• Experienced SCADA or DCS engineers with relevant skills / experience / aptitude to further development in the field of cybersecurity;
• Experienced Internet of Things (IoT) developers / testers with relevant skills / experience / aptitude to further development in the field of cybersecurity;
• Certifications in cybersecurity e.g. CISSP, CISM etc might be advantageous;
Certifications in OT cybersecurity e.g. GICSP, GRID, IEC62443 might be advantageous

#LI-BC1