Information Security Liaison Manager, IT Services, PwC
PwC IT Services provides shared technology services to PwC firms in a secure, legally compliant,
efficient and transparent manner.
The PwC IT Services Information Security Liaison is responsible for managing and coordinating PwC
IT Services Information Security projects and compliance audits, and for supporting compliance activities,
primarily in relation to the Global Hosting Service (GHS). Responsibilities include:
- Act as the central point of contact for Network Information Security (NIS) teams, supporting the various GHS security technologies (firewalls, threat and vulnerability management, security monitoring, incident handling and similar).
- Manage the supplier relationship and the activities of managed services provided by internal and external Managed Security Service Providers (MSSPs).
- Control, monitor and maintain the compliance of IT processes for Global Hosting Services, ensuring quality and compliance with the agreed compliance frameworks.
- Support PwC IT Services' Information Security Management System (ISMS) and contribute to the continuous improvement of operational processes and the ISMS by monitoring its performance, its compliance with existing laws and regulations, its alignment with emerging threats and incident trends, and its compliance with the PwC Information Security Policy (ISP).
- Coordinate ongoing enhancements to the GHS information security posture with NIS.
- Oversee performance of NIS security services provided to GHS.
- Coordinate new GHS information security needs with NIS.
- Communicate and interact directly with other Network Information Security teams (e.g. SAEIT, CISO, Compliance pillars) to ensure optimal individual and group performance.
- Develop and manage GHS specific processes related to information security.
- Assist with security incident investigations within GHS, investigate and recommend corrective actions, and support post-mortem reviews of incidents.
- Maintain an understanding of complex application environments hosted by GHS and the compliance objectives required for each of these environments.
- Act as a focal point of contact for GHS’ customers for any information security related matters.
- Guide and oversee the activities of the NIS Ops teams and of external security-related support organizations and teams supporting GHS. Assure the high quality of work products, client communication and information security incident response reporting.
- Provide oversight to security incident response activities (triage, root cause analysis, escalations, notifications, communication, etc.).
- Act as an escalation point for the PwC Global Service Desk (GSD) / NIS CSIRT analysts and other organizations, ensuring that open channels of communication are effective for resolving incidents. Establish and maintain communication, escalation, data retention and reporting protocols.
- Support the implementation and maintenance of ISO 27001, SOC 2 and other security standards in GHS.
- Assist with the preparation and facilitation of compliance audits
- Support the administration of the information asset and risk management process, carrying out risk assessments, ensuring risk treatment plans are in place, progress is monitored and issues are escalated appropriately.
- Support the establishment, monitoring, evaluation and reporting of metrics (e.g. KPIs and risk indicators) to provide management with accurate information regarding the effectiveness of the ISMS.
- Act as secretary to the ISMS Operating Group and Compliance Committee.
- Control, monitor and maintain ISMS documentation.
- Support ISP (Information Security Policy) compliance programme activities.
- Provide support for data protection related activities within the GHS.
- Build relationships internally to promote information security within PwC IT Services.
The role holder reports to the Hosting Operations Leader regarding security liaison activities and to the Compliance Officer regarding compliance activities.
Job Requirements – Knowledge, Skills, and Abilities
- Experience in Information Technology and Information Security.
- Bachelor's degree in Computer Science or a related discipline.
- Experience in security aspects of multiple operating systems, applications, communications and network systems and protocols. Demonstrate expertise in securing (hardening) operating systems in production environments, with primary emphasis on Microsoft based systems.
- Excellent communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with Leadership and team members.
- Ability to identify and communicate complex technical issues to both technical and non-technical business representatives.
- Capable of working autonomously and managing his/her own workload, generally taking decisions alone.
- Professional security certifications or membership in similar organizations is a plus, e.g. Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), Certified Information Privacy Professional (CIPP) and Certified Information Security Manager (CISM).
- Ability to work on weekends, after hours as necessary on an unscheduled basis, especially during security incidents and emergencies.
- Ability to travel internationally to facilitate compliance audits and activities (approximately 20%).
- Experience in implementing or operating with compliance standards such as ISO 27001, SOC 2, etc. Ability to understand legal and regulatory requirements and business drivers, and to integrate these into the operating model.
- Ability to design, evaluate and document process improvements. Experience in leading process improvement teams and interacting with technical managers and development teams.