Senior Security Specialist – Threat and Vulnerability Management (TVM)
KPMG New Zealand is part of the international KPMG network, one of the world’s leading professional services organisations. We provide audit, tax, and advisory services to individuals, SMEs, not-for-profit organisations, multi-nationals and government agencies. Our people experience is anchored in a clearly articulated purpose of ‘Fuelling New Zealand’s prosperity’ and our contribution to the shared wealth and lasting well-being for all New Zealanders. In order to deliver this, we must attract, develop and retain the very best people and create a workplace environment in which everyone is able to flourish. We are proud of our reputation for values-driven behaviour that guide our actions and defines what it means to work at and be part of KPMG. We believe in Integrity – We do what is right; Excellence – We never stop learning and improving; Courage – We think and act boldly; Together – We respect each other and draw strength from our differences; and For Better – We do what matters.The KPMG ITS Group, including IT Security, enables KPMG’s success by providing the technology foundations required for a multidisciplinary firm to operate in a safe and efficient manner.
The Opportunity:
- The Senior Security Specialist – TVM role is an integral part of the Application Security Team, who is responsible for leading and delivering KPMGs threat and vulnerability management program.
- The Specialist’s primary focus is to help protect KPMG IT environment through the security disciplines of vulnerability management, device hardening and, configuration management in line with KPMG policy and standards. Additionally, they will use the vulnerability data collected to conduct non-destructive threat hunting across the KPMG IT environment with support from internal and external IT and security teams. The Senior Specialist will also be responsible for presenting TVM data to Security Operations Officer and ITS leadership to ensure that key risk metrics are being met.
- As well as managing the current TVM functions this role will be expected to drive process improvement and input into the strategic direction of TVM. This includes working with senior stakeholders across KPMG to ensure they are engaged and involved in the TVM process enabling better outcomes for KPMG and our clients.
- The role will require close collaboration with internal and external IT teams enabling them to effectively identify, track and remediate vulnerabilities across the IT environment.
Day to day you will:
- Responsible for managing and developing the KPMG TVM program, to ensure a secure environment.
- Working to help design and implement new TVM process, procedures and tools.
- Review, triage and investigate vulnerability information.
- Identification of vulnerability disclosures for key third party suppliers.
- Drive a security mindset across KPMG.
- Manage the risks from
What you'll bring to our team:
- 5 – 10 years experience as a vulnerability analyst.
- Experience managing a threat and vulnerability program.
- Hands on experience with industry standard vulnerability platforms.
- Understanding of cyber risk frameworks (NIST, ISO, ect).
- Understanding of IT infrastructure.
- Experience conducting threat hunting operations.
- Industry certifications such as CISM, SSCP, or equivalent experience.
- Driven to continuously improve.
- Positive and team focused.
- Strong Communications skills.
- Detailed oriented.
- Integrity and honesty.
- Strong time management.