Assistant Manager - Cloud Endpoint Security

KPMG • Full-time • Bengaluru, IN • 1d ago

About KPMG Global Services (KGS)

Established in 2008, KPMG Global Services (KGS) India is a strategic global delivery organization that works with KPMG firms to provide a progressive, scalable and customized approach to business requirements. The KGS India journey has been one of consistent growth, currently operating from eight locations in India — Bengaluru, Gurugram, Hyderabad, Mumbai, Kochi, Noida, Kolkata and Pune. KGS provides a range of Advisory, Tax and Audit support services to KPMG firms around the world, offering opportunities everywhere with us to make your mark.

Reflecting a sharp focus on our people, as part of KPMG in India, we are rated among the top 10 Best Companies in India for women and as Champions of Inclusion by Avtar and Seramount. We are also rated as a Gold Employer for our LGBTQ+ inclusive practices and policies by India Workplace Equality Index (IWEI). In addition, we have been ranked as the # 1 employer for women and among the best companies for policies on Diversity and Inclusion, - by ASSOCHAM (The Associated Chambers of Commerce & Industry of India).

KGS was recognized for the ‘Most Impactful Women Empowerment Initiative (Corporate) for the and Most Impactful Skill Development Programme Initiative of the year during the IndiaSocial Impact Awards 2024. We are also a LEED and ISO 14001:2015 (Environmental Management System (EMS)) committed to making a positive impact on people and the planet.

The Team

Capability Hubs (CH) is a mature set of cross-functional capabilities that enable the go-to-market agenda, corporate functions and engagement support teams of KPMG firms.

Led by an experienced leadership team across six locations in India (Gurugram, Bengaluru, Kochi, Pune, Hyderabad and Noida) and supported by seasoned professionals with deep domain expertise, CH is dedicated to delivering value and achieving business outcomes.

Working closely with KPMG firms, which leverage our teams for enablement across functions such as Insights & Risk management, Sales Enablement, Digital Experience & Business Services, Technology Services and Transformation, CH forms an integral part of KGS’ strategy to innovate, build, scale and improve profitability.

The Role

We are seeking an experienced and forward thinking Lead Azure Platform Security professional to govern and drive the implementation of security controls across our enterprise Azure platform. This role will champion secure-by-design cloud adoption, lead platform security engineering activities, and own the strategic roadmap for Azure platform protection.

As the technical and strategic authority for Azure platform security, you will collaborate closely with Cloud Architecture, Security Operations, DevOps, Risk & Compliance, and Platform Engineering teams to ensure our Azure environment remains resilient, well governed, and aligned to industry best practices.

Technical Responsibilities

Platform Security Leadership

Manage the overall Azure platform security strategy, architecture, and roadmap.
Lead the continuous enhancement of secure Azure Landing Zones, guardrails, and enterprise governance controls.
Define and maintain platform security patterns, standards, and reusable modules across the cloud ecosystem.
Act as the SME on Azure platform security, advising senior stakeholders and influencing cloud decision making.

Security Architecture & Engineering

Design and oversee implementation of platform security controls including:
Azure Firewall, network segmentation, and Zero Trust networking
Private Links, VNET peering, routing, and perimeter controls
Key Vault, managed identities, and platform identity controls
Defender for Cloud configuration, attack surface reduction, and secure baselines
Lead threat modelling, platform risk assessments, and secure design reviews for new services and architectural changes.
Ensure platform alignment with Microsoft CAF, enterprise architecture principles, and CIS/NIST security benchmarks.

Governance & Compliance

Own Azure Policy strategy, governance rulesets, and compliance monitoring.
Lead the creation and enforcement of platform guardrails, tagging standards, RBAC models, and security baselines.
Ensure alignment with regulatory and compliance frameworks such as ISO 27001, CIS Controls, GDPR, PCI-DSS (as applicable).
Provide authoritative input during internal audits, external audits, and cloud risk assessments.

Identity & Access Security

Define platform-level identity governance including role models, PIM usage, and access hygiene.
Lead adoption of Conditional Access, MFA, identity resilience, and privileged access processes.
Ensure consistent least privilege access across the entire Azure platform.

Security Monitoring & Incident Response

Partner with SOC and Cyber Operations to:
Enhance Sentinel detection rules
Improve monitoring of platform services
Support incident response for Azure platform level threats
Drive continuous improvement of security posture, automation, and alert fidelity.

Automation & Engineering Enablement

Oversee automation of platform security checks, policy remediation, and reporting using:
PowerShell / Azure CLI
Bicep / Terraform
GitHub Actions / DevOps pipelines
Build a culture of reusable IaC modules, shift left security practices, and operational excellence.

Leadership, Mentoring & Stakeholder Influence

Lead and mentor junior and mid‑level cloud security engineers.
Represent platform security in senior governance forums, architecture boards, and programme steering groups.
Engage with engineering, product, and operational teams to embed secure-by-design into cloud delivery.
Communicate complex security topics clearly to technical and non‑technical stakeholders.

Qualification

7+ years in cloud security, platform engineering, or security architecture roles.
Deep, hands-on expertise with Azure platform security, including:
Defender for Cloud, Sentinel, Key Vault, Network Security
Azure Policy, RBAC, PIM, Conditional Access
Landing Zones & CAF-aligned governance
Extensive experience designing and implementing Zero Trust architectures.
Strong understanding of compliance frameworks (CIS, ISO 27001, NIST, etc.).
Practical experience with IaC in enterprise environments (Terraform preferred).
Proven experience leading technical teams and influencing senior stakeholders.
Strong communication, leadership, and architecture documentation skills.