Cybersecurity – Cyber Law & Privacy

Cybersecurity – Cyber Law & Privacy

Technology underpins many of the most influential organisations in the world and presents opportunities for businesses that want to seek out new markets and are prepared to invest in transformational change. The last ten years have seen a rapid emergence of new technology, greater connectivity for organisations and individuals, and a 24/7 approach to global commerce. However, this has left many organisations behind the curve and struggling to achieve their business aspirations without feeling exposed to cyber security risk.

KPMG Cybersecurity professionals assist clients to address their concerns around Confidentiality, Integrity, Availability and Privacy of their technology, business systems, and information assets.

Using a holistic view of how Technology and Business integrate, the Cyber team performs technology-risk focused assessments, technology compliance, IT/operational process reviews, and design of information risk & cyber security solutions.

To join a growing team to assist clients with managing one or more of the following areas:
- Ethical Hacking - this discipline covers vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing.
- Cybersecurity Risk & Governance - this discipline covers designing and implementing Cybersecurity frameworks; Cyber maturity assessments; organisational design for Cyber Security; Cloud security; design and rollout of cyber security processes such as Incident Management, Intrusion Detection, and Security Monitoring.
- Technology Risk and 3rd Party Cyber Risk - this discipline covers IT-Business related consulting over how an organisation manages technology risk and governs its outsourcing. This involves review, re-design and implementation controls over the 3rd party organisation's IT environment. Topics include system development, project management, business or IT outsourcing, business continuity management, information security, incident management, user access management.
- Cyber Business Continuity, Disaster Recovery & Crisis Management - this discipline covers building business and technology resilience against cyber-attacks. Creating and testing Cyber Incident Response Plans around typical cyber-attack scenarios. Taking regulatory requirements around BCM and Crisis management and international standards based consulting.

Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.

Cybersecurity Law & Privacy specialist:
The role involves delivering Cyber Law compliance assessments and Cyber Law Deficiency Remediation covering the design and implementation of controls to address the people, process and technology controls needed to comply with applicable legislation in multiple jurisdictions that the organisation operates in. You will be involved in projects across the region, and working closely with our team of Cybersecurity Law & Privacy professionals.

Cyber Law is the term used to describe the a law that deals with the issues related to the Internet, technological and electronic elements, communication technology, including computers, software, hardware and information systems. Cyber crime is a generic term that refers to all criminal activities done using the medium of communication technology components, the Internet, cyber space. Cyber crimes can involve criminal activities that are traditional in nature but using electronic means, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Singapore Computer Misuse Act, Singapore Cybersecurity Act and the Personal Data & Protection Act, and other relevant overseas legislations such as US Cyber Laws and the EU Privacy Law (GDPR).

The rapid growth of the information technology has led to a situation where the existing laws are challenged. It deals with computer hackers (black hats) and people who introduce malware into computers. Cyber Law prevents or reduces the damage from cyber-criminal activities by protecting information access, privacy, communications, intellectual property (IP) and freedom of speech related to the use of the Internet, world wide web (www), email, computers, cell phones, software and hardware, such as data storage devices.

Your responsibilities will include the following:
• Provide advice to clients on interpretation and guidance on the instruments/methods needed to ensure compliance with applicable Cyber laws.
• Perform Cybersecurity Law Compliance Assessments to ensure appropriate design and implementation of controls to abide with applicable Cyber laws & Privacy laws.
• Prepare a report on identified compliance breaches or non-compliance gaps, and recommendations to remediate.
• Design a Cybersecurity Law Framework to address ongoing cyber law compliance at an organisational level which holistically addresses the people, process and technology dimensions.
• Assist in continuously enhancing the existing cyber law methodologies.
• Remain up-to-date on the latest global and local cybersecurity developments and the applicable cyber laws/privacy laws in multiple jurisdictions.

• Identify and resolve complex issues and develop innovative solutions for high profile clients on a variety of local and international engagements
• Client-centric with good communication skills
• Driven to learn new things and share knowledge with your clients and colleagues
• Able to work as part of a team, and at the same time being an independent self-starter
• Flexible working style to work in a dynamic environment
• Actively identify and support business development opportunities which includes supporting the team with sales activities such as proposal writing and client presentations
• Coach and develop team members as part of the firm's overall Performance Management process or on specific engagements

The ideal candidate should:
• Any degree in law with information systems major/minor along with deep interest in technology law, cybersecurity law and privacy law will be considered
• Have a good working knowledge of Cybersecurity legislative principles, techniques and practical application
• Have strong analytical, problem solving and inter-personal skills
• Excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences
• Be willing to travel on regional and international assignments (occasionally)
• Have prior consulting experience in Cyber Law or Privacy
• Fresh graduates to 2 years of relevant experience for Associate
• Minimum 3 years of relevant experience for Senior Associate
• Minimum 4 years of relevant experience for Assistant Manager
• At least 5-6 years of relevant experience for Manager
• More than 8 years of relevant experience for Associate Director