Job Description - Cloud Security GRC
Job Title: Cloud Security GRC
Department: Technology Consulting
Location: Mumbai/Bangalore
Keywords: Cloud Security, Cloud Architectural reviews, Risk Assessment (qualitative, quantitative, legal
and regulatory), ITGC, NIST information systems Audit experience, Cloud Audit (Mandatory), controls
framework and testing. Experience in Line of Defence (LOD) teams would be preferred.
Job Summary:
The Cloud Security DevOps Engineer will be responsible for ensuring the security and compliance
aspects of cloud-based infrastructure for KPMG India. The incumbent should be knowledgeable in
DevOps, Cloud, Kubernetes, Terraform, Python, and have a deep understanding of the ISO framework.
The successful candidate will work closely with the technology team to deliver secure and reliable
cloud-based solutions for KPMG India clients.
Duties and Responsibilities:
1. Work closely with the technology team to build and maintain secure, scalable, and highly
available cloud-based infrastructure.
2. Experience with information security, cloud security, risk assessment, and GRC is a must-have.
3. Develop and maintain cloud-based security policies, procedures, and guidelines.
4. Conduct ongoing security assessments and audits to identify vulnerabilities and ensure
compliance with ISO standards.
5. Develop and maintain scripts and tools for automated security testing, monitoring, and incident
response.
6. Support the technology team in designing, implementing, and testing secure and reliable
cloud-based solutions.
7. Provide training and education to team members on cloud-based security best practices and
standards.
8. Collaborate with other teams (e.g. cyber security, IT operations) to ensure the security and
compliance of the entire infrastructure.
9. Stay up to date on emerging cloud security trends and technologies.
Required Skills & Qualifications:
1. Bachelor's degree in Computer Science, Information Technology, or related field.
2. Implements security controls, risk assessment framework, and program that align to regulatory
requirements on Cloud.
3. Experience in evaluating Information security policies, procedures and standards.
4. Evaluates risks and develops security standards, procedures, and controls to manage risks.
5. Implements processes, such as GRC (governance, risk and compliance), to automate and
continuously monitor information security controls, exceptions, risks, testing. Develops reporting
metrics, dashboards, and evidence artifacts.
6. Defines and documents business process responsibilities and ownership of the controls. Schedules
regular assessments and testing of effectiveness and efficiency of controls.
7. Updates security controls and provides support to all stakeholders on security controls covering
internal assessments, regulations, protecting Personally Identifying Information (PII) data, and
Payment Card Industry Data Security Standards (PCI DSS).
8. Experience in internal and external information security risk and exceptions assessments, including
incidents, vulnerability management, scans, patching status, secure baselines and penetration test
results.
9. Document and report control failures and gaps to stakeholders. Provides remediation guidance and
prepares management reports to track remediation activities.
10. Strong understanding of ISO 27001, 27002, NIST and CSA-CCM.
11. Certifications in cloud security (e.g. CCSK, CCSP) and CISSP/CISM.
This job description is not intended to be all-inclusive. The employee will also perform other reasonable
related duties as assigned by the supervisor or management. KPMG India reserves the right to modify,
interpret, or apply this job description in any way the company desires. This job description does not
imply or create an employment contract, implied or otherwise, between the Company and employee.