Advisor – Penetration Tester Job recruitment

Using a wide variety of technical and sector-specific skills, KPMG's Risk Consulting group proactively helps clients increase profits and perform outstandingly whilst reducing reputational, operational, financial, technology and other risks. We are experienced in managing diverse issues including fraud, corruption, regulatory compliance, risk frameworks and modelling, capital efficiency, corporate governance, dispute resolution, data , deriving value from contracts and much more. We turn risk to advantage for our clients

Technology - Use advanced software, hardware and methodologies to provide our clients with independent, jargon free advice to help them deal effectively with technology-related risks and derive maximum value from their data and documentation.

Roles and Responsibilities

The successful candidate will assist with ESG Tailored Assurance Scheme (CTAS) and CESG Standard Security Level (NGN 224) reviews. They will demonstrate an understanding of the practical application of information security principles and will carry out information security audits and evaluation of security controls.

Clients may range across all market sectors: Financial Services, Infrastructure and Government, Information Communications and Entertainment, Consumer and Industrial Markets.

Qualifications and Skills

Desirable qualifications include:

- Security Cleared or be capable of getting Security Clearance
- MSc in Information Security
- ISO27001 auditor qualified or have undertaken an IRCA registered ISO27001 training course
- CISSP associate or full
- CISA or CISM

IISP member or associate member Experience of CTAS and CESG:

- Experience of applying Government security policies in the Security Policy Framework, CESG Information Security Standards and knowledge or experience of assurance schemes such as CTAS, Common Criteria, CHECK would be desirable.

Other general knowledge and skills:

- Strong interpersonal and communications skills, especially written skills.
- Can demonstrate understanding and practical application of information security principles.
- Information security auditing or evaluation experience desirable.
- Experience of technical information security consulting

Experience and Background

The candidate may currently be working as a security analyst, system integrator, technical security consultant, security systems engineer, technical auditor, or security compliance auditor.