Senior associate, cybersecurity risk assessment - advanced english
we are ktsa – kpmg technology services americas, a service delivery center of kpmg us with offices in mexico city, guadalajara, and a growing remote talent network across the country.
we deliver high-value technology, consulting, and corporate support services to kpmg us and its clients.
explore – our employer value proposition.
it's how we grow, lead, and thrive.
it's the mindset that drives our culture and shapes every opportunity:
experience: a collaborative, inclusive, and multicultural workplace where you belong.
excel: by creating impact and leaving your mark on global projects.
expand: your potential with real career paths, learning programs, and mentorship.
express: your individuality – come as you are, and thrive as your authentic self.
we back this mindset with ktsamás, our total rewards program, designed to support your well-being, goals, and personal milestones.
responsibilities
apply a fundamental understanding of information security to perform information security risk assessments of technology-enabled projects against industry standard or firm-specific control frameworks.
activities may include a variety of techniques, security requirement definition, and facilitation of security testing and management of residual risk.
assessment methodologies may include a combination of an active and passive testing approaches, including interpretation of penetration testing.
participate in skills development activities for information security personnel related to security best practices; continuously improve the security aspects of operating processes.
perform cybersecurity risk assessments of technology-enabled projects with standard levels of complexity.
activities include security requirement definition, facilitation of security testing and management of residual risk.
utilize knowledge and understanding of application architecture, design and development and secure coding principles and emerging standards to identify findings and clearly communicate risks and possible remediation.
advise and assist project teams regarding compensating control alternatives where security requirements cannot be met.
drive and manage the engagement between it project teams and security stakeholders.
you will be responsible for juggling multiple assessments simultaneously, ensuring security resources are scheduled effectively, and that all parties meet critical project deadlines to maintain our team's velocity.
act as a point of contact with the archer support team in identifying and testing changes with the security review process in archer; execute activities such as identifying security enhancements, creating use cases, user guides, and performing testing, gathering of key performance indicators and metrics related to security activities.
proactively identify and resolve roadblocks in the assessment process, applying strong organizational and communication skills to keep assessments on track.
qualifications
bachelor's degree or equivalent work experience with 3-5 years of recent experience in information security assessment or compliance.
cissp, crisc, cism, pci-dss or cisa preferred.
understanding of security principles, it security controls and related technologies and products.
familiarity with nist *, *, *, cmmc, nist framework, iso, hitrust, pci, and/or other relevant control frameworks.
ability to positively influence, mentor and be a credible source of knowledge to less experienced team members.
exceptional organizational and time-management skills, with a proven ability to manage a portfolio of multiple projects concurrently in a dynamic environment.
strong verbal/written communication and interpersonal skills, with a demonstrated ability to influence without authority and lead cross-functional teams toward common security goals.
you are a natural facilitator, comfortable leading meetings and driving outcomes in a matrixed environment.
benefits
extended maternity, paternity, and adoption leaves
learning opportunities, training, and certification programs
extended marriage leave and daycare support
wellness and employee assistance programs (eap)
comprehensive medical plan, life insurance, car insurance, and funeral assistance
at ktsa, we celebrate and support everyone's individuality.
we do not discriminate against any race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, or disability.
we are supportive of helping you to achieve a balance between your home and work demands.
we are happy to discuss specific requirements and our range of flexible working arrangements could be of interest.
please ask to find out more.
we strongly state that we do not require a certificate of non-pregnancy or hiv in order to participate in any of our processes.
explore ktsa, we dare to be different
#j-*-ljbffr