Junior IT Security Specialist

KPMG Singapore

Singapore

Description

We are looking for a hands-on IT Security Specialist to support daily security operations, regulatory compliance, and enterprise security initiatives.

This role is critical in maintaining the firm’s security posture, ensuring timely response to security incidents, and supporting ongoing regulatory and audit requirements. The position involves close collaboration with business stakeholders, global security teams, and other technology teams.

Key Responsibilities

  • Security Operations & Incident Response: Manage day-to-day security operations, including monitoring, investigation, and response to security incidents. Work closely with local and global SOC teams to ensure timely containment and resolution.
  • Vulnerability Management: Drive the end-to-end vulnerability management lifecycle (scanning, prioritisation, remediation tracking, and reporting) to minimise risk exposure and maintain audit visibility.
  • Regulatory Compliance & Audit Support: Support compliance with regulatory and industry standards (ISO 27001, MAS TRM, CSA Cyber Trust Mark). Maintain documentation, perform control testing, and ensure audit readiness.
  • Access Governance & Identity Management: Manage user access reviews (UAR), privileged access (PAM), and identity lifecycle processes to enforce least privilege and strong access controls.
  • Security Platform Management: Administer and support key security solutions such as web security gateways, DLP, endpoint protection, and data classification tools. Ensure effective policy enforcement and continuous improvement.
  • Incident & Data Breach Management: Lead investigation and remediation of security incidents and data breaches. Coordinate with business, legal, risk, and global teams where required.
  • Emerging Technology & Cloud Security: Support secure adoption of cloud services, AI tools, and enterprise platforms, ensuring alignment with security and compliance requirements.

Requirements

  • Degree in Information Security, Computer Science, or a related field
  • 0 - 2 years of relevant experience in IT security
  • Hands-on experience in:
      • Security operations and incident response
      • Vulnerability management processes and tools
      • Identity and access management (IAM, PAM, UAR)
      • Security technologies (e.g., DLP, endpoint security, web gateways, CASB)
  • Good understanding of the ISO 27001 security framework
  • Ability to operate in a fast-paced environment with high operational demand
  • Strong stakeholder management and communication skills
  • Certifications such as CompTIA Security+, CompTIA CySA+, or equivalent