Cyber Security Senior Associate
Cyber security is one of the defining topics of our age, and cyber risk represents one of the most significant strategic risks to PwC’s clients. We believe helping our clients gain confidence in their digital future is essential to their growth, and as a result our cyber security practice is one of the key growth priorities of our firm.
We are one of the largest cyber security specialist consulting practices in the UK, we work closely with the leading experts, researchers, tech vendors and government agencies in the field, and we serve some of the largest and most complex clients in the world.
This is an exciting time to be working in cyber security, and nowhere more so than at PwC.
Our cyber security practice operates nationally, and serves clients holistically with both strategy, risk and governance advice, and with deep technical implementation and assurance expertise. We have over 200 practitioners who range from business risk advisors who work with CEOs, CFOs and boards, to deep technical subject matter experts (SMEs) who help clients implement controls to help protect their businesses from attack, and support them to respond appropriately when an attack occurs. Our career models recognise both the business risk advisors and the technical SMEs, and give our people the opportunity to be challenged and to develop whatever their chosen cyber security specialism.
About the role
A Senior Associate in our Cyber Security practice provides technical advice, guidance and support on cyber security, both in business-as-usual and for live and planned projects within our clients’ businesses.
You will be a generalist but have specialities in specific areas which can be developed and honed as your career develops. This role would suit someone who is comfortable working across the cyber security spectrum and disciplines. We will offer you opportunities to develop your skills in different areas of cyber security.
Duties and Responsibilities:
In this role, you can expect to perform any of the following client delivery work:
Provide input to a security strategy and/or target operating model for an information security function
Conduct a security threat, risk, capability and/or maturity assessment
Design technical solutions to address specific security challenges
Provide security subject matter expertise within a wider strategic client engagement
You can also expect to perform the following business development activities:
Meet with clients to understand their needs and help produce proposals to address them
Develop toolkits, methodologies and accelerators to enhance our sales and delivery capability
Contribute to our research and thought leadership to improve the eminence of our practice
Collaborate with third party vendors to develop new and innovative security services for our clients
Essential skills and experience:
As a minimum, candidates for this role must have the following:
Some (however limited) information security experience in any form (i.e. operational, consultancy and/or sales)
Strong academic background such as a Bachelor’s or Master’s degree in any subject (candidates without academic degrees must be able to demonstrate professional development and supporting vocational and industry qualification)
Excellent business writing skills, particularly report writing skills
A good understanding of IT infrastructure fundamentals such as networks, operating systems and databases
Knowledge of infrastructure and application security requirements and benchmarks (e.g. OWASP, CIS)
While not prerequisites, the following will be advantageous:
Experience or understanding of security legislation and regulatory frameworks (e.g. DPA, PCI-DSS, RIPA, PSD-2, GDPR)
Experience or understanding of security methodologies and industry standards (e.g. ISO27001, NIST, SANS)
Any cyber/information security certification (e.g. CISSP, CISA, CISM, GIAC)
Experience of internal or external consulting or audit engagements
Exposure to multi-tier, web based and cloud based IT architectures
Knowledge of security technologies (e.g. AV, SIEM, IDM, IPS, F/W, SSO, DLP)
Knowledge of security assessment frameworks (e.g. threat modelling, controls assessment, risk assessment)
Who we’re looking for
We are looking for individuals that thrive in an entrepreneurial environment such that they are comfortable working independently with little supervision and have a strong desire to learn and a willingness to share knowledge.
People that succeed in our business have a passion for cyber security, are naturally inquisitive and get a buzz from solving complex problems. Furthermore, they have a good attention to detail allied with exceptional analytical and technical aptitude. Most of all, they are excellent communicators as we are in a business founded on strong relationships.