KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving ourclients' needs and their industries.

Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community.

At KPMG, you'll translate insights into action and reveal opportunities for all-our teams, our clients and our world.

Service Line Overview KPMG Managed Services brings together the firm's subject matter expertise, proprietary technology and tools and deep operations capability to provide an innovative and cost effective solution for clients seeking to outsource either a one-off remediation or an ongoing BAU process.

We operate across multiple industries, geographies and processes and have particular experience in complaint handling, claims processing and client due diligence.

Key Responsibilities Be an Expert in risk management, network security, cloud security, endpoint security, identity and access management; Identifying security risks along the entire end-to-end operation process so to align with the firm and client's securityrequirements.

Manage security incidents with teams from identification through resolution, ensuring timely and effective response.

Ensure the cross-department teams adhere to the firm's and industry best practice on security standards.

Operationalising and hardening security throughout the development and change process.

Conduct thorough Major Incident (security) root cause analysis and identify potential improvements.

Document incident outcomes and lessons learned to prepare for enhancing or system / architecture or future incident response efforts.

Monitor and analyse threat intelligence sources to identify potential threats to organizational assets.

Perform regular security reviews and audits, identifying and mitigating potential vulnerabilities.

Regular reporting of security issues and updating of dashboard for management and clients.

Communicate effectively with team members and stakeholders on security issues, risks, and incident update regular reporting of project status.

Expect to manage ad hoc critical security issues during non-office hour and to provide timely update.

Stay informed of the latest security trends, tools, and best practices.

Ensure IT and security compliance with KPMG security policy and client requirement.

Manage security and compliance projects ( test).

Coordinate various support team to respond to auditrequests.

Implement, maintain and operate information system security controls and countermeasures.

Analyse and recommend security controls and procedures in development, change and BAU.

Monitor for information systems security incidents and vulnerabilities.

Develop monitoring capabilities, reporting on incidents, vulnerabilities and trends.

Respond to security incidents, including investigation and recovery.

Interact with internal teams and vendors.

Regular Whitelist / Exception maintenance Experience & Background University Degree or equivalent (Computer Science, Information Systems Management or Software Engineering preferably).

Extensive knowledge in security and risk management.

Applicable industry certification or qualification (, CISSP, CISA, CISM, CCSK) and other cloud vendor certification related to security is an added advantage.

Proficiency in both written and spoken English, Cantonese and Mandarin Knowledge of monitoring tools, threat detection tools, Dev Ops and Dev Sec Ops practice.

Exposure in the following audits/regulations: SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOX 404 Working knowledge of Amazon Web Services (AWS) and Microsoft Azure (AZURE), Vulnerability Management -Qualys Prior experience of Service Now and Atlassian Suite - JIRA & Confluence is preferred.

Proven working experience with network security and networking technologies, and with system, cyber security from prevention, via detection to response, Cloud Ops support and monitoring tools at least 3 years; Strong understanding of the latest security principles, techniques, and protocols.

Ability to think critically and an aptitude for problem-solving.

Strong communication skills.

Able to communicate clearly, persuasively and in a positive manner.

About KPMGAt KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons.

It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.

We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients to help them achieve their ESG goals.

View Our Impact Plan to learn more about our ESG commitments and progress across four key pillars - Governance, People, Planet and Prosperity - and how we make a positive impact on our people, environment and society.

We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us.

Visit KPMG China website for more company information.

You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposed only.

KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China's Online Privacy Statement and/or KPMG China Privacy Statement (collectively "Privacy Statement").

During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.

If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China's HR personnel in the location where your application is submitted [see here].