Line of Service
Internal Firm Services
Industry/Sector
Not Applicable
Specialism
Operations
Management Level
Senior Associate
Job Description & Summary
A career in Information Technology, within Internal Firm Services, will provide you with the opportunity to support our core business functions by deploying applications that enable our people to work more efficiently and deliver the highest levels of service to our clients. You’ll focus on managing the design and implementation of technology infrastructure within PwC, developing and enhancing both client and internal facing applications within PwC, and providing technology tools that help create a competitive advantage for the Firm to drive strategic business growth.
Our Information Technology Security team assists PwC in designing and creating sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation, Information Technology security architecture, and the software development lifecycle.
At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.
At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.
Job Description & Summary:
PwC is driving major change across technology including the building of a centralized model to deliver and manage technology services across the entire network of member firms.
An Information Security Risk Manager plays a crucial role in ensuring an organization’s information security and compliance with relevant policies and standards.
The Information Security Risk Manager works with Information Security team members to ensure that controls and processes are implemented effectively. The role is responsible for identifying cyber security risks, assessing their impact, and putting appropriate measures in place to eliminate them or mitigate their effect. It is also responsible for adherence to, and enforcement of, Information Security policy and standards across all business lines.
Responsibilities:
- Develop comprehensive security policies, procedures, and guidelines to protect the organization’s information assets.
- Ensure that security policies are enforced across all departments and business units, and that any deviations are promptly addressed.
- Regularly review and update security policies to reflect changes in the threat landscape.
- Identify potential security risks through regular risk assessments and reviews. Manage Security Exceptions.
- Develop and implement strategies to mitigate identified risks, including technical controls, process improvements, and employee awareness through effective risk management frameworks (NIST, ISO 31000)
- Enforce security assessments of vendors and third parties to ensure they meet the organization’s security requirements.
- Ensure that security requirements are included in contracts with vendors and third parties.
- Coordinate internal and external audits, ensuring that all findings are addressed and remediated.
- Prepare and submit compliance reports, dashboards, records etc.
- Awareness of applicable standards and regulations: ISO 27001, ISO 22301, IT Act, SSAE, PCI-DSS, NIST, CIS Benchmark, CERT-In.
- Ensure that the organization’s applications and databases are secure.
- Understanding of Secure SDLC, DevOps, OWASP, Azure DevOps, GitHub.
- Directing efforts to secure code, such as code reviews, project security reviews, penetration testing support, and application risk assessments and mitigation across the software development lifecycle.
- Assist Business Units and Software Developers in the evolution of its application security functions and services.
- Lead the remediation of application security and penetration testing findings (SAST, DAST)
- Manage integration with assessment techniques, including Static Code Analysis and Dynamic Code Analysis
Mandatory Skill Sets:
- Security Technologies: Understanding of security technologies such as firewalls, intrusion detection/prevention systems, SIEM, endpoint protection, Web application firewalls, Identity and Access Management, Application Security.
Preferred Skill Sets:
- Cloud Security: Understanding of securing cloud environments (e.g., AWS, Azure, Google Cloud).
- Network Security: Understanding of network security principles and practices.
Years Of Experience Required:
Certifications: Minimum one strongly encouraged (CISSP, CRISC, CISM)
- 4 – 6 years of experience in Information Security Management, Risk management, Application Security, ISO 27001, ISO 31000, NIST Cyber Security Framework, NIST Risk Assessment Framework, CIS Benchmark.
Education Qualification:
Bachelor's degree or equivalent
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required: Master Degree, Bachelor Degree
Degrees/Field Of Study Preferred:
Certifications (if blank, certifications not specified)
Required Skills
Application Security
Optional Skills
Desired Languages (If blank, desired languages not specified)
Travel Requirements
Not Specified
Available for Work Visa Sponsorship?
No
Government Clearance Required?
No
Job Posting End Date