KPMG is a global network of independent member firms offering audit, tax and advisory services. We are looking for a junior consultant for our cybersecurity practice.
Responsibilities:
— Work as part of an experienced team on complex projects;
— Rapid development of project and time management, interviewing and presentation skills;
— Perform security / gap analysis reviews in line with leading industry standards;
— Development of long-term security strategies aligned with business objectives;
— Provide an in-depth review of an organization’s ability to protect its information assets and its preparedness against cyber threats;
— Development and implementation of cybersecurity policies, procedures, and controls;
— Ensure that documented policies align with industry best practices and regulatory requirements;
— Perform comprehensive risk assessments to identify, evaluate, and prioritize cybersecurity risks;
— Continuous professional education and recognized international professional certifications.
Requirements:
— Completed Bachelor’s/Master’s in IT/Cybersecurity (MBA or related business degree is a plus);
— 3–7 years of progressive experience in cybersecurity (consulting or internal), including leading end-to-end engagements and coaching junior team members;
— Strong stakeholder management: ability to own workstreams, manage scope/budget/timelines, and present to senior management/C-level;
— Deep knowledge of controls frameworks and audits: NIST CSF 2.0, ISO/IEC 27001:2022 & 27002:2022, NIST 800-53, COBIT, CIS Controls; proven experience with ITGC/ITAC testing and controls-based audits;
— Hands-on expertise in at least two areas: ISMS design & audits; enterprise risk assessment; cloud security (AWS/Azure/GCP); IAM/IGA/PAM; SOC/SIEM & incident response; vulnerability management; data protection & privacy (DLP, encryption, GDPR-like requirements); application security/DevSecOps; business continuity & disaster recovery;
— Ability to translate business strategy into target security architecture, policies/standards, roadmaps, KPIs/KRIs, and remediation plans;
— Experience with regulatory compliance in regulated industries (e.g., financial sector) and maturity models (e.g., C2M2);
— Familiarity with GRC and security platforms (e.g., ServiceNow GRC, Archer, OneTrust, SailPoint/Saviynt, EDR/SIEM tools);
— Excellent analytical, documentation, and report-writing skills; delivers client-ready outputs (gap analyses, maturity baselines, risk registers, roadmaps);
— Pre-sales experience (scoping, proposals, estimations) is a strong advantage;
— Recognized certifications: CISSP/CISM/CISA/ISO 27001 Lead Implementer or Lead Auditor (required or strong plus); CCSP, CRISC, OSCP/CPTS are advantages;
— Fluency in Uzbek, Russian, and English (Upper-Intermediate/Advanced); strong presentation and communication skills;
— Willingness to travel across Central Asia as needed.
We offer:
— Opportunities for professional growth;
— A great professional cyber team and a friendly environment;
— Continuous learning and development;
— Working in any office of KPMG across Central Asia.