Line of Service
Internal Firm Services
Industry/Sector
Technology
Specialism
IFS - Internal Firm Services - Other
Management Level
Senior Associate
Job Description & Summary
About the role:
PwC continues to invest in cyber security capabilities to protect our business and our clients. Within PwC's Global Network Information Security (NIS) team, the UK CISO Governance, Risk & Compliance (GRC) team acts as a trusted risk advisor to the UK business. By providing guidance on cybersecurity-related risks and ensuring alignment with PwC's global cybersecurity strategy, we help our UK stakeholders implement effective security measures to mitigate risks and protect the firm's interests.
What your days will look like:
As the Information Security Risk Advisor, your role is to work on risk management activities to help identify and reduce the risks related to information security associated with technology used within the firm
* Collaborate with key stakeholders to gather information on existing and emerging technologies, such as GenAI, and provide updates on progress and deliverables to your line manager and leadership.
* Identify and assess areas of risk and non-compliance, evaluating their impact and likelihood on the organisation (e.g. if a risk was exploited, what would be the financial or reputational impact).
* Organise and prioritise activities based on criticality and risk to the organisation, ensuring effective risk management.
* Act as a point of contact for business teams, addressing their information security concerns and providing guidance.
* Negotiate and drive the remediation of identified risks within the UK firm.
* Risk reporting for management and senior stakeholders to facilitate decision-making.
* Support risk remediation activities; manage and track identified risks until closure.
* Take ownership of project tasks, ensuring their successful delivery.
* Monitor personal Key Performance Indicators (KPIs) and meet deadlines consistently.
* Actively participate in team activities, contributing to strategic projects, communications, process improvement, knowledge sharing, and fostering a positive work environment.
This role is for you if:
* Previous proven experience in a similar information security or IT security role is essential.
* Formal certifications / qualifications in Information Security (CISM, CRISC, CompTIA Security+).
* Thrive on helping people with problem solving, stakeholder management/customer service outlook - working with business teams to achieve positive outcomes.
* Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
* Engaging communication skills to assist, inform, and build relationships with stakeholders in both the business and support teams, to enable effective information security activities and processes aligned to the firm's security strategy.
* Data manipulation and visualisation skills highly desirable (PowerBI, Alteryx, Excel).
* Time management skills, balancing working efficiently on your own and contributing as part of a wider team - prioritising and recognising when to escalate to management
* An interest in PwC's business model, service offerings, and business operating environment as it pertains to the firm's threat landscape.
What you'll receive from us:
No matter where you may be in your career or personal life, our benefits are designed to add value and support, recognising and rewarding you fairly for your contributions. We offer a range of benefits including empowered flexibility and a working week split between office, home and client site; private medical cover and 24/7 access to a qualified virtual GP; six volunteering days a year and much more.
We offer a range of benefits including empowered flexibility and a working week split between office, home and client site; private medical cover and 24/7 access to a qualified virtual GP; six volunteering days a year and much more.
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required:Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified)
Required Skills
Optional Skills
Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Governance, Data Architecture, Data Archiving, Data Flow Mapping, Data Privacy Act, Embracing Change, Emotional Regulation, Empathy, Enterprise Content Management, Incident Response Plan, Inclusion, Information Rights Management (IRM), Information Security, Information Security Governance, Information Security Management System (ISMS), Intellectual Curiosity, IT Infrastructure {+ 11 more}
Desired Languages (If blank, desired languages not specified)
Travel Requirements
Not Specified
Available for Work Visa Sponsorship?
No
Government Clearance Required?
No
Job Posting End Date