Job Description

Line of Service Advisory Industry/Sector Not Applicable Specialism Cybersecurity & Privacy Management Level Manager & Summary A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe.

Our Third Party Risk Management (TPRM) team focuses on helping our clients assess, design, implement, and maintain an effective third party risk program.This is inclusive of pre and post contract stages for our clients - helping them evaluate the controls required pre-contracting with a vendor, contractor, or supplier, as well as post-contract from an ongoing monitoring perspective. Our TPRM team focuses on designing programs, operationalizing those programs, change management across all risk domains of a third party program and assessments (ongoing monitoring efforts). You will work with third parties all across the globe that support the operations of our clients to ensure adequate control environments are in place and help provide our clients comfort that both reasonable and defensible controls are in place. As more companies continue to outsource and move to cloud transformation, the demand for TPRM has quickly grown. You will help our clients transform their business, build trust amongst their ecosystem, manage risk effectively, and drive accountability and control with their third party connections.

Our team helps organisations develop TPRM business plans, cost-benefit analyses, target operating models, short/long-term strategies, and ultimately improve the effectiveness of their TPRM programs. In joining our team, you will work with xLoS professionals at PwC across all third party risk domains, including, but not limited to cybersecurity, privacy, human resources, legal, technology, financial, fraud, regulatory, and industry specific business risks. You will help organizations with strategy, design, operation and long-term maintenance of their TPRM programs. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. As a Manager, you\'ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

• Pursue opportunities to develop existing and new skills outside of comfort zone.
• Act to resolve issues which prevent effective team working, even during times of change and uncertainty.
• Coach others and encourage them to take ownership of their development.
• Analyse complex ideas or proposals and build a range of meaningful recommendations.
• Use multiple sources of information including broader stakeholder views to develop solutions and recommendations.
• Address sub-standard work or work that does not meet firm\'s/client\'s expectations.
• Develop a perspective on key global trends, including globalisation, and how they impact the firm and our clients.
• Manage a variety of viewpoints to build consensus and create positive outcomes for all parties.
• Focus on building trusted relationships.
• Uphold the firm\'s code of ethics and business conduct.

Required Experience:

• 10-15 years of strong industry experience in Cybersecurity Strategy, Risk & Regulatory Technology (RiskTech, RegTech).
• MUST have experience and proficient in implementation and assessments of Cybersecurity frameworks (NIST CSF, COBIT) and regulatory guidelines (e.g. OSFI Technology and Cyber Risk Management (B-13) / Third-Party Risk Management Guideline (B-10)).
• MUST have experience in controls and gap assessments based on industry standards, such as, PCI, NIST 800-53, CIS - CSC and compliance standards/frameworks like ISO 27001/27002, NIST, COBIT, SOX, GLBA, SSAE16/SOC 2, etc.
• MUST have experience and proficient in cyber risk management/control design and testing/ Cybersecurity maturity assessments/ Third Party Risk Management/Supplier or Vendor Risk assessments/ etc
• Demonstrates extensive knowledge in developing cybersecurity strategies, roadmaps, target operating models, cybersecurity governance models, cybersecurity architecture, cyber policies/standards/procedures and Board presentations/reports/material.
• Proven knowledge and experience with GRC tools such as Archer, OpenPages (with business system analyst roles & responsibilities)
• Responsible for managing relationships with third parties that provide data services for Continuous Monitoring program, including closing findings, completing assessments, and attesting that ongoing management activities are conducted.

• Good understanding of various components of an enterprise cybersecurity program, including governance structures, risk and threat management, key controls, key processes, security architecture and security training and awareness programs.
• Proven experience in providing guidance on transforming cyber security programs/implementation of technologies used for enterprise security.
• Provide advice to clients on best practices for managing the cyber security risks during digital transformation as organizations adopt Cloud, DevOps, and new architecture frameworks.

• Develops strategies and action plans to improve risk and control maturity in areas where controls do not adequately mitigate risks.
• Directs developing cybersecurity risk management programs and processes in alignment with enterprise risk management framework.
• Demonstrates proven knowledge in developing Cybersecurity KPI and KR and reporting frameworks
• Proven experience in developing and maintaining cyber risk management and ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to business owners.
• Performing cyber threat modeling and business impact analyses to ensure cyber assets are adequately protected with proper cybersecurity measures and controls
  

Required Communication, Presentations and General skills:

• Excellent communication and written skills and executive presence that enable effective engagement with senior client stakeholders and ability to interpret and articulate the security scenario to non-technical audiences.

• Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs.
• Ability to create domain specific training content and deliver trainings effectively
• Communicating in an organized and knowledgeable manner in written and verbal formats including delivering clear requests for information and communicating potential conflicts
• Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
• Strong presentation, project management, workshop/meeting facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
• Develop/Implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture.
• Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they\'re adequately addressed in client\xe2\x80\x99s security strategy plans and architecture artifacts.
• Ability to communicate business impacts of cybersecurity risks to senior management and translating technical concepts to a business/non-technical audience.
• Stay up to date with emerging security threats and industry trends.

Minimum Degree Required: Bachelor\xe2\x80\x99s or master\xe2\x80\x99s degree in Computer Science/Communications or related field from reputed Indian universities

Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information

Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Optional Skills Desired Languages (If blank, desired languages not specified) Travel Requirements 0% Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date