Cybersecurity_SRC - Risk & Compliance (Assessments) – Associate 2 - Bangalore

1-4 years
Not Specified

Job Description

Line of Service: Advisory
Industry/Sector: Not Applicable
Specialism: Cybersecurity & Privacy
Management Level: Associate
Job Description & Summary: A career in our Advisory Acceleration Centre is the natural extension of PwC's leading-class global delivery capabilities. We provide premium, cost-effective, high-quality services that support process quality and delivery capability in support of client engagements.
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional, our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
  • Use feedback and reflection to develop self awareness, personal strengths and address development areas.
  • Delegate to others to provide stretch opportunities, coaching them to deliver results.
  • Demonstrate critical thinking and the ability to bring order to unstructured problems.
  • Use a broad range of tools and techniques to extract insights from current industry or sector trends.
  • Review your work and that of others for quality, accuracy and relevance.
  • Know how and when to use tools available for a given situation and be able to explain the reasons for this choice.
  • Seek and embrace opportunities which give exposure to different situations, environments and perspectives.
  • Use straightforward communication, in a structured way, when influencing and connecting with others.
  • Able to read situations and modify behavior to build quality relationships.
  • Uphold the firm's code of ethics and business conduct.

Role: Risk & Compliance (Assessments) - Senior Associate @ Level 1
Years of Experience: 5 to 8 Years
Work Location: Bangalore, India
Minimum Degree Required: Bachelor's or master's degree in Computer Science/Communications or related field from reputed Indian universities
Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), NIST Cybersecurity Professional (NCSP)
Required Experience:
  • 4-6 years of industry experience in Governance Risk and Compliance domain.
  • Hands-on experience with Governance, Risk & Compliance, ISO 27001, SOX, Cyber Risk Assessments, program development, Maturity assessments, Regulatory Compliance such as NYDYS, FFIEC, FSP, etc.
  • Lead/Execute requirements analysis, security maturity assessments, Cyber security strategy, design and implementation related projects.
  • Demonstrates proven extensive knowledge in Policy, Framework design & development and Security portfolio rationalization.
  • Experience in developing, reviewing information security policies, system security plans and Risk Assessment report in accordance with NIST, FISMA, OMB App.
  • Proficient and knowledgeable with control testing, Gap Assessments, Vendor Assessments, vulnerability assessments, identifying issues, security risk analysis, analyzing system requirements for internal audit and regulatory reporting, communication of issues.
  • Experience with Information Security Controls - Application development Controls, assessment experience and enterprise security policies and procedures assessment.
  • Effective ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security.
  • Leading the planning, creation and management of security architecture, components, policies and standards for all applicable platforms for client environments.
  • Good understanding of the various components of an enterprise information security program, including governance structures, policy frameworks, key controls, key processes, technology architecture and common training processes.
  • Conducting periodic reviews of Information Security risk and Vulnerability assessments (functional/technical) contents contained within the policies, procedures and frameworks to identify opportunities for continuous improvement within the organization and ensure that the content remains accurate and current.
  • Develop/Review SOX, NIST CSF, ISO27001, COBIT, PCI, HITRUST, GDPR and SANS Top 20 Critical Security Controls compliance reports, identifying remediation owners, and partnering with IT resources to develop remediation plan.
  • Good knowledge of and experience with risk and compliance management tools such as Archer, and data analytics and data visualization tools used in the industry such as Alteryx and Tableau.
  • Conducting technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
  • Thorough understanding of IT infrastructure - Application and Network Security Requirements, Servers and User Systems Control Assessment (Windows, UNIX, distributed, mainframe systems).

Required Communication, Presentations and General skills:
  • Excellent communication skills and executive presence that enable effective engagement with senior stakeholders
  • Excellent written skills, ability to interpret a security scenario & document a summary
  • Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs.
  • Ability to create domain specific training content and deliver trainings effectively
  • Communicating in an organized and knowledgeable manner in written and verbal formats including delivering clear requests for information and communicating potential conflicts
  • Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
  • Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
  • Develop/Implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture.
  • Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in client's security strategy plans and architecture artifacts.

Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required:
Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified):
Required Skills:
Optional Skills:
Desired Languages (if blank, desired languages not specified):
Travel Requirements: Not Specified
Available for Work Visa Sponsorship: No
Government Clearance Required: No
