PwC is driving major change across information and cyber security by building a centralized model to provide security services across the entire network of member firms.
Mandated at the network level, Network Information Security (NIS) operates outside Information Technology (IT) and is responsible for this major program initiative, from definition of the security strategy to the execution of the global Cyber Readiness Program, moving from local to globally-provided services.
Our mission is to identify, control, and reduce the attack surface across the network of member firms while increasing our adversaries' cost of attack.
In order to deliver the Cyber Readiness Program, the NIS team is structured into the following Pillars
IT Risk and Compliance (ITGRC)
Chief Information Security Office (CISO)
Security Architecture, Engineering, Innovation and Transformation (SAEIT)
Strategy and Alliances
Chief of Staff
NIS is redefining cyber security on a global scale at PwC. Our mission protects 223,000 PwC members across 157 member firms worldwide, as well as our global clients.
If you are seeking an exciting career with the scope to grow your cyber security skills through major change on a global scale, then NIS will empower you to do so.
The Information Security Risk and Compliance pillar within NIS is responsible for the following services
Information Security Policy and Governance
Risk Management and Compliance
Metrics and Reporting
Quality Management (eGRC)
If you love the strategic side of information security this is the place to be. Within ISRC we work to create the global information security governance framework within PwC. Management of information security risks is imperative to our mission and ISRC set the minimum baseline for information security across the network of member firms. Identification, tracking and mitigation of risk through an enterprise risk register is the overall goal for the function, enabling PwC to have full visibility into potential information security risks across our estate. Delivering a business first framework aligned to industry standards in information security enables NIS to coordinate risk management and compliance efforts across the Network of firms.About the role
- Assessing the requirements and managing the legal, regulatory and policy compliance risks pertaining to Network Information Security and the network of member firms' use of technology;
- Strong understanding of information security controls & ISMS standards such as ISO27001/2, CobIT, CRISC etc.Experience with SOC2 compliance standards
- Leveraging technology and processes to enable the network of member firms to mitigate legal and regulatory risks and reduce the cost of compliance;
- Liaise with other global Risk functions (e.g., Risk Management, Internal Audit, Physical Security, Privacy Office, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution;
- Collaborate with PwC IT to align security processes and tools.
Who we are looking for
Education Level Preferred Undergraduate Degree (e.g., BA, BS) in Information technology or related field of study and/or completed certifications involving cybersecurity including CISA, CISM, CIA, CIPP, CISSP, or CFEPercentage of travel time
- 1-3 years relevant experience
- Experience managing multiple relationships and stakeholders throughout major transformation;
- Detailed understanding of risk management;
- Experience in a role balanced between business stakeholders and a central technology service organization;
- Experience navigating a matrix organization;
- Experience collaborating with multiple stakeholders across functional and technical skillsets
- Experience in a global professional services organization, preferably in the financial services industry
- Broad understanding of security technology and related risk and compliance issues related to them
- Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms' staff and leadership to enable effective information security activities and processes in line with the cyber readiness program