KPMG has established a strong cybersecurity consulting practice servicing clients from a wide array of sectors including energy, water, oil & gas, maritime, aviation, healthcare, transportation or telecommunications. Many of our clients own or operate critical infrastructure in Singapore and across the Asia Pacific region, providing essential resources and services to people in their daily lives. Cybersecurity has a big part to play in keeping cyber threats away and minimising risk of disruption to our way of life.
Cybersecurity in Operational Technology (OT) is a challenging but fulfilling field. One challenging aspect of this field is that it sits in intersection of two disciplines that usually do not intersect. Cybersecurity has its origins in Information Technology (IT), while OT system and Industrial Internet of Things (IIoT) are used by engineers to control and monitor physical processes. Professionals with expertise in both disciplines are rare. OT security is also a fulfilling field because we have been tasked by our clients to solve a broad range of issues including regulatory compliance, cyber risk assessments, penetration testing, red teaming, incident response and more. We have been successful in delivering quality services to our clients because of our ability to constantly evolve and the teamwork between a good blend of our cybersecurity and engineering professionals.
Job Responsibilities:
You will be responsible and/or if supervising others for the following:
- Performing risk assessment or threat modelling for variety of industry control system, on-prem IT and cloud systems.
- Digesting sizable amounts of information about complex systems by using your technical grounding in IT, OT/IIoT, engineering or cloud computing (e.g network architecture, firewall rules and etc) to assemble an accurate understanding of the system.
- Analysing and identifying the cybersecurity risks associated to them e.g. how an attack might get into a network and cause disruption to operations or cause a dangerous situation in which safety might be compromised;
- Work closely with our clients in gathering information, providing clarification, and managing expectations on the task we are required to perform.
- Providing security recommendations and improvement to the client in the current practices while considering impact to their operations and concerns.
- Performing other assessment/review for clients including system/network architecture reviews and reviewing actual practices in OT/IT systems against regulatory requirements e.g. the Cybersecurity Code of Practice (CCOP) for critical information infrastructure.
- Working in a project team and closely guided by the experience team member
- Working closely with subject matter experts in a wide range of cyber security services to delivered to our clients (e.g. managing projects involving penetration testing or red teaming exercises to an owner/operator of a critical infrastructure).
The ideal candidate should possess:
- Bachelor’s degree in Cybersecurity/ Information Security/ Engineering/ Computer Science OR Information Technology equivalent
- Minimum 3-5 years relevant experience is recommended.
- Experienced cybersecurity professionals with keen interest or already with experience in OT/IIoT; OR
- Experienced SCADA or DCS engineers with relevant skills/experience/aptitude to further development in the field of cybersecurity; OR
- Experienced Internet of Things (IoT) developers/testers with relevant skills/experience/aptitude to further development in the field of cybersecurity;
- Certifications in cybersecurity e.g. CISSP, CISM etc might be advantageous;
- Certifications in OT cybersecurity e.g. GICSP, GRID, IEC62443 might be advantageous;
- Committed to continuously learn and develop oneself in a fast-expanding field.
- Aptitude of consulting including managing oneself, projects and clients.
- Able to think logically and communicate clearly.
- Effective interpersonal skills and able to work well in a team.
- Good presentation skills might be advantageous.
