Cyber OT/IIoT Security Professional, Senior Associate/ Assistant Manager
KPMG in Singapore is part of a global organization of independent professional services firms providing Audit, Tax and Advisory services. We operate in 143 countries and territories with more than 273,000 partners and employees working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such. KPMG International Limited is a private English company limited by guarantee. KPMG International Limited and its related entities do not provide services to clients.
Job Description
KPMG has established a strong cybersecurity consulting practice servicing clients from a wide array of sectors including energy, water, oil & gas, maritime, aviation, healthcare, transportation or telecommunications. Many of our clients own or operate critical infrastructure in Singapore and across the Asia Pacific region, providing essential resources and services to people in their daily lives. Cybersecurity has a big part to play in keeping cyber threats away and minimising risk of disruption to our way of life.
Cybersecurity in Operational Technology (OT) is a challenging but fulfilling field. One challenging aspect of this field is that it sits in intersection of two disciplines that usually do not intersect. Cybersecurity has its origins in Information Technology (IT), while OT system and Industrial Internet of Things (IIoT) are used by engineers to control and monitor physical processes. Professionals with expertise in both disciplines are rare. OT security is also a fulfilling field because we have been tasked by our clients to solve a broad range of issues including regulatory compliance, cyber risk assessments, penetration testing, red teaming, incident response and more. We have been successful in delivering quality services to our clients because of our ability to constantly evolve and the teamwork between a good blend of our cybersecurity and engineering professionals.
Job Responsibilities:
You will be responsible and/or if supervising others for the following:
- Performing risk assessment or threat modelling for variety of industry control system, on-prem IT and cloud systems.
- Digesting sizable amounts of information about complex systems by using your technical grounding in IT, OT/IIoT, engineering or cloud computing (e.g network architecture, firewall rules and etc) to assemble an accurate understanding of the system.
- Analysing and identifying the cybersecurity risks associated to them e.g. how an attack might get into a network and cause disruption to operations or cause a dangerous situation in which safety might be compromised.
- Work closely with our clients in gathering information, providing clarification, and managing expectations on the task we are required to perform.
- Providing security recommendations and improvement to the client in the current practices while considering impact to their operations and concerns.
- Performing other assessment/review for clients including system/network architecture reviews and reviewing actual practices in OT/IT systems against regulatory requirements e.g. the Cybersecurity Code of Practice (CCOP) for critical information infrastructure.
- Working in a project team and closely guided by the experience team member.
- Working closely with subject matter experts in a wide range of cyber security services to delivered to our clients (e.g. managing projects involving penetration testing or red teaming exercises to an owner/operator of a critical infrastructure).
⠀
The ideal candidate should possess:
- Bachelor’s degree in Cybersecurity/ Information Security/ Engineering/ Computer Science OR Information Technology equivalent.
- Minimum 3-5 years relevant experience is recommended.
- Experienced cybersecurity professionals with keen interest or already with experience in OT/IIoT; OR
- Experienced SCADA or DCS engineers with relevant skills / experience / aptitude to further development in the field of cybersecurity; OR
- Experienced Internet of Things (IoT) developers / testers with relevant skills / experience / aptitude to further development in the field of cybersecurity.
- Certifications in cybersecurity e.g. CISSP, CISM etc might be advantageous.
- Certifications in OT cybersecurity e.g. GICSP, GRID, IEC62443 might be advantageous.
- Committed to continuously learn and develop oneself in a fast-expanding field.
- Aptitude of consulting including managing oneself, projects and clients.
- Able to think logically and communicate clearly.
- Effective interpersonal skills and able to work well in a team.
- Good presentation skills might be advantageous.
#LI-JL2
Only shortlisted candidates will be contacted by KPMG Talent Acquisition team, personal data collected will be used for recruitment purposes only.
At KPMG in Singapore we are committed to creating a diverse and inclusive workplace. We believe that diversity of thought, background and experience strengthens relationships and delivers meaningful benefits to our people, our clients and communities. As an equal opportunity employer, all qualified applicants will receive consideration for employment regardless of age, race, gender identity or expression, colour, marital status, religion, sexual orientation, disability, or other non-merit factors. We celebrate the different talents that our people bring and support every staff member in their journey to achieve personal and professional growth. One of the ways we do this is through Take Charge: Flexi-work, our flexible working framework which enables agile and innovative teams to help deliver our business goals.