Senior IT Security Analyst - Watford
Joining KPMG means joining a talented team of exceptional colleagues who bring innovative thoughts and a natural curiosity to the work they do each day. No one type of person succeeds at KPMG; a diverse business requires diverse personalities, characters and perspectives. There really is a place for you here.
As an IT Security Senior Analyst you will have a significant role in the workings of the IT Security team within IT Services. You will be a member of the team delivering security assurance including the performance of IT security risk assessment in internal projects, liaison with project stakeholders, provision of security architecture guidance for system designs, and assistance to the National IT Security Officer (NITSO) with tactical alignment of security solutions and compliance with standards.
• Oversee and provide technical assistance for project-based development and on-going maintenance of IT Security systems.
• Analyse requests relating to security policy and system design and provide assessments, assistance and feedback where necessary.
• Work closely with the different project teams and stakeholders to ensure that IT Security is an early consideration in the project life cycle.
• Provide technical feedback on network architecture and design to ensure proper alignment with IT security principles.
• Determine the scope of tests for systems and applications, coordinate their execution, manage their reporting and follow up on remediation actions.
• Remain current in state-of-the-art technology solutions and innovative information security management techniques to safeguard organisational assets.
Technical skills and experience:
• Demonstrable experience in generalist, IT security operational roles within complex, risk-challenging IT environments with a responsibility for the delivery of IT security.
• Strong, consistent and confident articulation of the IT Risk and Security considerations within a programme, and experience of designing those into solutions.
• Proven expertise in network and application architecture and technology risk analysis, software design principles, infrastructure design and scaling, database architecture, virtualization, mobile management technologies, operating system principles, storage solutions and multi-channel IT delivery systems.
• Systematic knowledge of the IT security threat landscape, including malware vectoring and delivery, network-level and application-level security, database security, operational IT security lifecycles and IT control design.
• Understanding of PKI infrastructures and associated technologies.
• Thorough understanding of AAA (Authentication, Authorization and Accounting) systems and delivery methods.
• Knowledge about secure coding practices, software-based vulnerabilities and mitigation strategies, as well as application security testing techniques, code analysis tools, and testing methodologies.
• Knowledge of legislation impacting UK IT delivery, e.g. Data Protection, Legal Admissibility, Disability Discrimination, etc.
Soft skills and experience:
• Ability to work in high-demand, busy IT environments.
• Thorough understanding of IT project management principles.
• Strong writing and presentation skills, especially report writing.
• Ability to liaise with the full range of individuals and groups involved in a business or IT programme.
• Ability to develop and maintain effective working relationships with members of the ITS department in the UK and globally.
• Experience of working alongside a Security Operations team.
Desirable additional points:
• Industry-level operational IT security certifications in good standing (e.g., SABSA SCF, SSCP, CEH).
• Experience in applying the OWASP application security principles to a development cycle.
• Experience in conducting tests, being part of wider teams, or other security operations.
• Knowledge of software reverse engineering techniques and tools.
• Understanding delivery of solutions into an Operational Environment and its requirements and challenges.
• Systematic knowledge of Microsoft products and solutions, with special emphasis in Exchange, SharePoint, SQL Server, and the Office software ecosystem.
• Experience in IT desktop security delivery in large environments.
• Experience of information management systems certified to ISO 27001.
We recognise that as individuals, we each have particular needs and that one size doesn’t fit all when it comes to how, when and where you work. That’s why we’re proud to offer our colleagues agile working options. We believe in putting you at the centre of your career – KPMG will offer the training, development and stimulating work environment to help you get to where your career ambitions are. That’s why we introduced ‘Our Deal’ – it’s our way of saying ‘thank you’ for bringing your best to work. As part of ‘Our Deal’, you’ll benefit from a range of rewards, from secondment opportunities and preferential banking services to a day off on your birthday, and you’ll have open, honest conversations about your career development.
While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a balanced lifestyle. We offer part-time roles with flexible working arrangements, which could include annualised hours, early or late starts to fit around other commitments, shorter working days, etc. We are happy to discuss your own requirements and our range of flexible working arrangements in more detail, should that be of interest, and, as part of the recruitment process, we can put you in touch with people who work flexibly.
Equal Opportunities employer.