:

Associate Director Cybersecurity - Cyber Defense & Response

KPMG has been acknowledged by Forrester as a leader in the provision of cybersecurity consultancy. We are investing in expanding our cyber consulting team to meet a growing demand and provide a comprehensive range of services to many of the largest companies in the world.

We help clients protect, detect and respond to high-end cyber threats; helping them understand the cyber threat landscape, make sensible decisions on investment priorities, and build the specialist capabilities they need to counter cybercrime and other threats.

We believe cyber security is about helping our clients harness business opportunities safely and securely. For us, cyber security isn\'t just a technical issue, it is one which engages the whole business and focuses on a holistic approach to understanding and mitigating the risk.

Our team works closely with KPMG\'s broader advisory practice to link cybersecurity to IT transformation and operational resilience.

KPMG Lower Gulf is currently seeking to hire an experienced Associate Director - Cyber Defense & Response for a permanent opportunity to work with our Advisory Function.

The Role

At KPMG we are looking for an Associate Director who lives and breathes offensive security and hacking. You will have earned your stripes doing technical assessment work in data centres, delivering on red teams and will be already skilled in leading teams of talented testers. In return, we will provide unique engagements assisting our clients with their challenges and a friendly, passionate team to develop and grow further.

KPMG\'s Cyber Defence team has a long and successful history in KPMG, our clients are diverse and we cover many sectors with particular specialisms in Financial Services, Energy and Natural Resources and Technology and we conduct interesting and challenging work that is not on offer elsewhere.

As a technical cyber security Associate Director you should expect to be involved in a wide range of challenging engagements helping our clients improve their cybersecurity defense posture and practices. You will be advising and supporting clients in various cyber defense domains including penetration testing, red/purple teaming, technical security configuration assessments, security monitoring and security operations, compromise assessments, threat intelligence and threat hunting, incident response, etc.

As an Associate Director, we want your business brain as well as your technical hacking skills. You will bring ideas of how to drive the business forward, and be skilled in the commercial aspects of security testing, above all you will know what clients are looking for when they buy security testing and how to deliver it.

Responsibilities:

Management and delivery of challenging, complex technical client engagements to ensure quality and value to our clients by:

• Advising on various aspects of cyber defense/response
• Leading a team of cyber defence professionals in conducting penetration testing, red/purple teaming, compromise assessments, white-box configuration reviews over a variety of hosting environments
• Supporting them in the development of their cyber defense and response capability
• Anticipating future needs and requirements and building innovative services to address them
• Linking cyber defense to other cybersecurity or wider consultancy offerings on risk management, resilience and IT transformation to provide holistic support to our clients
• Managing and delivering medium-/large-sized engagements
• Business development including leading proposals and participating in client presentations.
• Developing constructive client relationships, both inside and outside of KPMG
• Coaching and developing team members through sharing of experience and knowledge, as well as managing the performance and development of other team members
• Upholding KPMG\'s values by acting with integrity

Experience and Skills

Specific to the role, we expect that you will have:

• Proven experience of leading technical teams in engagement delivery in the following areas: technical security assessments, penetration testing, red/purple teaming, security monitoring and security operations, compromise assessments, threat intelligence and threat hunting, incident response, etc.
• Track record showing understanding of the technology, threat and regulatory issues faced by clients (essential)

More generally, we expect that you will have:

• Proven ability to analyse problems, identify core issues and recommend appropriate technical solutions
• Proven experience of successfully managing complex cyber security services preferably in professional consultancy service provider, ensuring the delivery of high-quality work on time and to budget
• Proven ability to lead work at sustained levels of high intensity, and inspire drive and resilience in others
• Proven ability to produce thought leadership material and engage as a subject matter expert with senior audiences and security professional communities
• Excellent communication skills (both written and oral), negotiation and project management skills
• Ability to interact with organisations at senior levels
• Strong networking skills and a broad professional network
• Proven commercial and business acumen
• Have led, or at least played a key role, in selling and delivering technical cybersecurity engagements related to cyber defense and response
• At least 4-6 years of expertise in leading professional teams
• Experienced with ethical hacking/red teaming frameworks (e.g. CBEST, TIBER, AASE, FEER, etc.)
• Familiar with the cybersecurity market in UAE.

Qualifications and Skills

• A hacker mindset!
• Bachelor or master\'s degree (preferably computer science, software engineering or cyber security)
• Relevant certifications regarding offensive security (e.g. CCSAM, CCSAS, OSCP, GPEN, GXPN, LPT)
• Developing and leading cyber defense/offensive security professionals
• Developing cyber defense services
• Proven skills with regard to security and penetration testing, ethical hacking (red and purple teaming), compromise assessments, security operating centers, security monitoring, DevSecOps, incident response, threat intelligence and threat hunting.

KPMG