Job Description

The role is within the Regional Delivery Centre (RDC) based in Singapore, that focuses on delivering key global and regional technology and cyber security services to ASPAC member firms. The primary function of this role is working with the network of KPMG member firms to maintain the regional level of security and information protection in line with KPMG policies and procedures in supporting the KPMG business objectives.

Job scope:

• Be part of the regional security monitoring of compliance function to perform vulnerability monitoring and to contribute to incident response management.
• Research, assess and analyze alerts from various security tools, including IDPS tools, SIEM, Anomaly detection systems, firewalls, antivirus systems, user behaviour analytics tools, endpoint inspection, and proxy devices.
• Follow pre-defined protocol to investigate possible security incidents or perform incident response actions, including escalating to other support groups.
• Maintains standard operating procedures (SOP), processes and guidelines.
• Be part of the regional threat intelligence function encompassing threat intelligence feeds data collection, adversary analysis, cyber attribution capabilities and disseminating threat intelligence.
• Assist in analyzing & reducing false positive of the cyber threat detection use cases
• Work with internal experts/external vendors to resolve technical issues.
• Prepare incident reports on high severity incidents.
• Support the development and enhancement of SOC incident response capabilities.
• Contribute to enhancements on incident response life cycle, security tools, SOAR playbook, IR runbooks and security processes for daily security operations.
  

• 4-7 years\' experience in working in a corporate environment with 2-4 years of experience being in a similar role.
• Proven experience in the information security industry / professional organisations or comparable programs
• Have successfully operated in the operational risk and security management processes
• Understanding of ITIL and ISO 27001 control objectives
• Professional security certification such as CISA, CISM, CRISC or CISSP preferred
• Broad understanding of technology service delivery processes, risk assessment and risk mitigation