ITGRC Senior Associate

---

Job description

A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You'll focus on being the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protect our firms intellectual assets. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

• Use feedback and reflection to develop self awareness, personal strengths and address development areas.
• Delegate to others to provide stretch opportunities, coaching them to deliver results.
• Demonstrate critical thinking and the ability to bring order to unstructured problems.
• Use a broad range of tools and techniques to extract insights from current industry or sector trends.
• Review your work and that of others for quality, accuracy and relevance.
• Know how and when to use tools available for a given situation and can explain the reasons for this choice.
• Seek and embrace opportunities which give exposure to different situations, environments and perspectives.
• Use straightforward communication, in a structured way, when influencing and connecting with others.
• Able to read situations and modify behavior to build quality relationships.
• Uphold the firm's code of ethics and business conduct.

If you are seeking an exciting career with the scope to grow your cyber security skills through major change on a global scale, then NIS will empower you to do so.

The Information Security Risk and Compliance pillar within NIS is responsible for the following services:

• Information Security Policy and Governance
• Risk Management and Compliance
• Metrics and Reporting
• Quality Management (eGRC)

If you love the strategic side of information security this is the place to be. Within ISRC we work to create the global information security governance framework within PwC. Management of information security risks is imperative to our mission and ISRC set the minimum baseline for information security across the network of member firms. Identification, tracking and mitigation of risk through an enterprise risk register is the overall goal for the function, enabling PwC to have full visibility into potential information security risks across our estate. Delivering a business first framework aligned to industry standards in information security enables NIS to coordinate risk management and compliance efforts across the Network of firms.

Scope of Responsibility:
Core skills within the Information Security Risk and Compliance Team consist of:

• Assessing the requirements and managing the legal, regulatory and policy compliance risks pertaining to Network Information Security and the network of member firms' use of technology;
• Leveraging technology and processes to enable the network of member firms to mitigate legal and regulatory risks and reduce the cost of compliance;
• Liaise with other global Risk functions (e.g., Risk Management, Internal Audit, Physical Security, Privacy Office, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution;
• Consult with the Office of General Counsel as needed to resolve difficult legal compliance issues;
• Collaborate with PwC IT to align security processes and tools; and
• Responsible for the technical and process support of Network Information Security-related audits.

Strategic and Technical Orientation / Job Content:

Individuals selected for this role are expected to have both extensive knowledge and managerial know-how related to the following aspects of the Information Security Risk and Compliance pillar skills matrix:

• Experience managing multiple relationships and stakeholders throughout major transformation;
• Detailed understanding of risk management;
• Experience in a role balanced between business stakeholders and a central technology service organization;
• Experience navigating a matrix organization;
• Experience collaborating with multiple stakeholders across functional and technical skillsets; and
• Experience in a global professional services organization, preferably in the financial services industry.

Range of Impact:

• A Senior Associate (SA) employee possesses deep functional knowledge in a specific subject matter area or technical domain that is applied to solve business problems and deliver necessary results. The employee incorporates existing Firm knowledge, subject matter, or technical domain expertise into work activities. SA staff often resolve challenging problems in collaboration with others and take initiative when appropriate to make independent choices on matters of significance, and influence others within their own functional area or team.
• Demonstrates proven skills and thorough comprehension in functional areas of Risk Management both as an individual contributor and team member.
• Monitor workloads within the team to deliver against the requirements within Risk Management while making sure leadership are informed of progress and issues.
• Build and maintain relationships across the network of firms to effectively deliver Risk Management activities on behalf of NIS
• Executes tasks aligned to Risk Management with autonomy
• Leverage knowledge of risk identification, assessment, treatment processes to contribute to the development of new domain expertise in those processes on an ongoing basis

An effective ISRC pillar candidate will also possess the following skills:

• Analytical: Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
• Technical: Broad understanding of security technology and related risk and compliance issues related to them
• Business: High level understanding of PwC's business model, service offerings, and business operating environment as it pertains to the firm's threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.
• Domain landscape: Knowledge of information risk and compliance principles
• Communication: Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms' staff and leadership to enable effective information security activities and processes in line with the cyber readiness program

Not the role for you?
Did you know PwC offer flexible contract arrangements as well as contingent work (ie temporary or day rate contracting)?

The skills we look for in future employees
All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients. These skills and behaviours make up our global leadership framework, 'The PwC Professional' and are made up of five core attributes; whole leadership, technical capabilities, business acumen, global acumen and relationships.
Learn more here:

The Deal
We want all of our people to feel empowered to be the best that they can be, which is why we have 'The Deal'.
Find out more about our firmwide Employee Value Proposition:

Diversity
Valuing Difference. Driving Inclusion.
We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool because creating value through diversity is what makes us strong as a business, enabling us to solve important problems and deliver value to our clients. We encourage an inclusive culture where people can be themselves, are valued for their strengths and are empowered to be the best they can be. As an organisation with an increasingly agile workforce, we also support different ways of working offering flexible working arrangements. Learn more here about our work to support an inclusive culture.