Posted on 2022-07-15

Senior Consultant, Information Risk Management, IT Audit – Cyber Security



  • Conduct IT Security audits against industry security standards and practices (such as HKMA C-RAF, ISO/IEC 27001, SOC2 TSC, PCI-DSS, US NIST SP 800-53, CIS Critical Controls).
  • Review IT Security audit findings, providing observations and recommendations to improve audit client’s IT Security practices and procedures.
  • Evaluate audit client’s IT Security governance and practices and provide recommendations to improve IT Security governance and to mitigate IT Security risks impacting our audit.
  • Plan and execute IT Audit day-to-day activities as part of a broader audit team, while focusing on IT Security specific aspects of our audit.
  • Complete tasks and deliverables to a high-quality standard as part of the audit engagements.
  • Keep senior IRM members informed of significant developments and progress on the engagement.
  • Help identify performance improvement opportunities for assigned clients.
  • Conduct fieldwork to ensure we deliver value-added services to clients.
  • Develop internal networks and maintain excellent relationships with colleagues across KPMG, in particular in the wider Consulting, Audit and Advisory areas.
  • Contribute to a collaborative culture, encouraging constructive working relationships with the audit team and others.


  • 2 years direct work experience in a technical environment
  • University degree in the field of computer science/technology management and/or 2+ years related work experience
  • Certifications in Cyber Security and/or Technology fields a plus
  • Familiarity with security audit and/or standard audit practices
  • Ability to conduct technical security audits for complex information systems
  • Ability to analyse information systems and technical specifications against defined security control standards and identify deficiencies and remediation strategies
  • Experience with network security, vulnerability management, incident response
  • Knowledge of emerging cyber security trends and threats (DoS/DDoS, phishing, ransomware, malware, SQL injection, cross-site scripting, zero-day exploits)
  • General knowledge of network and security system functionality (firewall, ACL, VLAN, TCP/IP, PKI, VPN Tunnelling, proxies, DNS, CDN)
  • Familiarity with the latest security software, encryption and related solutions such as WAF, MFA, SOC, NDR, NAC, MDM, SIEM, DLP, etc.
  • Familiarity with industry security standards such as HKMA C-RAF, ISO/IEC 27001, SOC2 TSC, PCI-DSS, US NIST SP 800-53, CIS Critical Controls, etc. is a plus
  • Ability to deliver work within tight timelines, on budget and at a high level of quality
  • Strong teamwork ability and able to work independently
  • Strong understanding of audit and documentation requirements