KPMG Uzbekistan

Senior Cybersecurity consultant

Posted: 3 days ago

Job Description

KPMG is a global network of independent member firms offering audit, tax and advisory services. We are looking for a Senior Consultant for our cybersecurity practice.

Responsibilities:

  • Work as part of the experienced team on complex projects;
  • Rapid development of project and time management, interviewing and presentation skills;
  • Perform security / gap analysis reviews in line with leading industry standards;
  • Development of long-term security strategies aligned with business objectives;
  • Provide an in-depth review of an organization’s ability to protect its information assets and its preparedness against cyber threats;
  • Development and implementation of cybersecurity policies, procedures, and controls;
  • Ensure that documented policies align with industry best practices and regulatory requirements;
  • Perform comprehensive risk assessments to identify, evaluate, and prioritize cybersecurity risks;
  • Continuous professional education and recognized international professional certifications.

Requirements:

  • Completed Bachelor’s/Master’s in IT/Cybersecurity (MBA or related business degree is a plus);
  • 3–7 years of progressive experience in cybersecurity (consulting or internal), including leading end-to-end engagements and coaching junior team members;
  • Strong stakeholder management: ability to own workstreams, manage scope/budget/timelines, and present to senior management/C-level;
  • Deep knowledge of controls frameworks and audits: NIST CSF 2.0, ISO/IEC 27001:2022 & 27002:2022, NIST 800-53, COBIT, CIS Controls; proven experience with ITGC/ITAC testing and controls-based audits;
  • Hands-on expertise in at least two areas: ISMS design & audits; enterprise risk assessment; cloud security (AWS/Azure/GCP); IAM/IGA/PAM; SOC/SIEM & incident response; vulnerability management; data protection & privacy (DLP, encryption, GDPR-like requirements); application security/DevSecOps; business continuity & disaster recovery;
  • Ability to translate business strategy into target security architecture, policies/standards, roadmaps, KPIs/KRIs, and remediation plans;
  • Experience with regulatory compliance in regulated industries (e.g., financial sector) and maturity models (e.g., C2M2);
  • Familiarity with GRC and security platforms (e.g., ServiceNow GRC, Archer, OneTrust, SailPoint/Saviynt, EDR/SIEM tools);
  • Excellent analytical, documentation, and report-writing skills; delivers client-ready outputs (gap analyses, maturity baselines, risk registers, roadmaps);
  • Pre-sales experience (scoping, proposals, estimations) is a strong advantage;
  • Recognized certifications: CISSP/CISM/CISA/ISO 27001 Lead Implementer or Lead Auditor (required or strong plus); CCSP, CRISC, OSCP/CPTS are advantages;
  • Fluency in Uzbek, Russian, and English (Upper-Intermediate/Advanced); strong presentation and communication skills;
  • Willingness to travel across Central Asia as needed.

Job Application Tips

  • Tailor your resume to highlight relevant experience for this position
  • Write a compelling cover letter that addresses the specific requirements
  • Research the company culture and values before applying
  • Prepare examples of your work that demonstrate your skills
  • Follow up on your application after a reasonable time period
