Information Security Risk and Compliance Senior Manager
PwC is driving major change across information and cyber security by building a centralized model to provide security services across the entire network of member firms.
Mandated at the network level, Network Information Security (NIS) operates outside Information Technology (IT) and is responsible for this major program initiative, from definition of the security strategy to the execution of the global Cyber Readiness Program, moving from local to globally-provided services.
Our mission is to identify, control, and reduce the attack surface across the network of member firms while increasing our adversaries’ cost of attack.
In order to deliver the Cyber Readiness Program, the NIS team is structured into the following Pillars:
- Information Security Risk and Compliance (ISRC)
- Chief Information Security Office (CISO)
- Security Architecture, Engineering, Innovation and Transformation (SAEIT)
- Cyber Security Services
- Strategy and Alliances
- Chief of Staff
If you are seeking an exciting career with the scope to grow your cyber security skills through major change on a global scale, then NIS will empower you to do so.
The Information Security Risk and Compliance pillar within NIS is responsible for the following services:
- Information Security Policy and Governance
- Risk Management and Compliance
- Metrics and Reporting
- Quality Management (eGRC)
Scope of Responsibility:
Core skills within the Information Security Risk and Compliance Team consist of:
- Assessing the requirements and managing the legal, regulatory and policy compliance risks pertaining to Network Information Security and the network of member firms’ use of technology;
- Strong understanding of information security controls and ISMS standards such as ISO 27001/2, COBIT, CRISC, etc.;
- Experience with SOC 2 compliance standards;
- Leveraging technology and processes to enable the network of member firms to mitigate legal and regulatory risks and reduce the cost of compliance;
- Liaising with other global Risk functions (e.g., Risk Management, Internal Audit, Physical Security, Privacy Office, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution;
- Collaborating with PwC IT to align security processes and tools.
Range of Impact:
A 4E Level employee possesses a deep understanding of Information Security Risk Management applied in support of, and integrated with, key business and strategic priorities.
The employee will contribute new intellectual capital through deep knowledge and direct professional experience in a subject matter area and/or technical domain within Information Security Risk Management.
The candidate should be able to translate pillar strategy by leading and/or managing others and performing work with significant independence, and will be influential both internally and externally through building and leading a large team or complex project, or multiple teams or projects, within the Information Security Risk Management team.
- Possesses a proven track record of success in managing efforts within the Information Security Risk Management space.
- Builds and maintains complex programs while supervising teams to execute against the overall strategy.
- Executes tasks aligned to Information Security Risk Management with autonomy.
- Contributes to security design decisions.
- Technical administration across desktop systems such as Microsoft Windows, Microsoft Services and Macintosh.
- Administration of security platforms across Microsoft, Linux and Macintosh operating platforms.
- Manages and improves Information Technology Infrastructure Library (ITIL)-based processes used to support security solutions: Incident Management, Request Fulfilment, Change Management, Problem Management, etc.
- Collaborates with global Risk and Compliance functions to maintain satisfaction with global Compliance offices.
- Collaborates with Network Information Security Compliance team leaders to implement common processes and tools.
- Benchmarks against outside networks and peer organizations in the following areas:
  - Privacy policies and laws; cross-border data protection laws
  - Data retention policies and best practices
  - Document discovery and preservation
  - IT Security; principles of risk management
  - Software licensing and intellectual property protection
  - Internal Audits and other audit-related activities for Network Information Security
Quality Service Delivery:
- Responsible for the evolution of Network Information Security’s electronic governance, risk, and compliance (eGRC) infrastructure and tool set
- Management of the Network Information Security Compliance team
- Responsible for responses to Network Information Security-related audits
- Development of team members
- Suggests new programs, training and continuous process improvement for the function to the Managing Director of ISRC
- Achievement of goals aligned to Network Information Security and ISRC
- Regular and active participation in leadership meetings
- Effective management of assigned budget vs. actual spend
People and Performance Management:
- Hiring of quality personnel and motivation and retention of top performers
- Period Feedback Form (PFF) initiation and management
Strategic and Technical Orientation / Job Content:
Individuals selected for this role are expected to have knowledge related to the following aspects of the Information Security Risk and Compliance pillar skills matrix:
- Experience managing multiple relationships and stakeholders throughout a major transformation;
- Detailed understanding of risk management;
- Experience in a role balanced between business stakeholders and a central technology service organisation;
- Experience navigating a matrix organisation;
- Experience collaborating with multiple stakeholders across functional and technical skillsets; and
- Experience in a global professional services organisation, preferably in the financial services industry.