PwC is a network of firms committed to delivering quality in assurance, tax and advisory services.
We help resolve complex issues for our clients and identify opportunities. Learn more about us at www.pwc.com/us.
At PwC, we develop leaders at all levels. The distinctive leadership framework we call the PwC Professional (http://pwc.to/pwcpro) provides our people with a road map to grow their skills and build their careers. Our approach to ongoing development shapes employees into leaders, no matter the role or job title.
Are you ready to build a career in a rapidly changing world? Developing as a PwC Professional means that you will be ready
- to create and capture opportunities to advance your career and fulfill your potential. To learn more, visit us at www.pwc.com/careers.
What will you do if you work in Assurance at PwC?
You'll ask questions and test assumptions. You'll help determine if companies are reporting information that investors and others can rely on. You'll help businesses solve complex issues faced by management and boards. You'll serve the public interest and the capital markets by conducting quality audits. Visit http://pwc.to/pwcassurance for more information on PwC's Assurance practice.
The world is quickly changing, that's why PwC is quickly adapting. We're capitalizing on trends that will impact corporate reporting.
Our focus is on globalization, technology, sustainability and environmental reporting, population shifts and regulation. We combine skills and experience to help our clients address their challenges.Job Description
Boards of Directors and executive management recognize the ever increasing importance of effective risk management efforts in meeting their organization's strategic objectives.
PwC's Risk Assurance practice has developed a holistic approach to risk that protects businesses, facilitates strategic decision making and enhances efficiency. Our holistic approach is complimented by the extensive risk and controls technical knowledge and sector-specific experience our Risk Assurance professionals possess.
The end result is a risk solution that is tailored to meet the unique needs of a company.
Areas where our Risk Assurance practice can bring value to an organization include:
- Leveraging industry and technical expertise to assist management to address more effectively risks associated with their business
- Assisting management in the assessment of project risks and controls
- Enhancing internal audit functions to further align to company strategy and risk
- Reducing company costs through strategic internal audit outsourcing and co-sourcing solutions
- Increasing value and reducing costs of compliance-related activities
- Identifying opportunities for companies to effectively mitigate risk and improve business performance
- Applying the concepts of Enterprise Risk Management to help companies identify, assess, mitigate and proactively consider emerging risks
The Cybersecurity, Privacy and IT Risk team is part of Risk Assurance. Our team of professionals help clients develop a vision for their cybersecurity and privacy program, design and build a sustainable and agile program, operate aspects of the program and provide an independent review and assurance of their program to Management or 3rd party stakeholders.
The velocity and density of information in digital business has significant business benefits due to the insights it creates. However, it exposes new risks on how to protect this data and new privacy challenges to guide its appropriate use. Digital business requires a new view on security and privacy, one that is driven by the level of risk appetite and enablement of business and technology strategy.
Our Key Services are:
- Strategy, Governance and Management
- Prioritize investments, allocate resources, and align security and privacy capabilities with the strategic imperatives and initiatives of the organization;
- Security Architecture and Services
- Create sustainable security solutions to provide foundational capabilities and operational discipline;
- Emerging Technologies and Market Trends
- Assess the opportunities and security and privacy related risks of new technology adoption and dynamically changing business models;
- Threat, Intelligence and Vulnerability Management
- Anticipate changes in the risk landscape through situational awareness of the internal and external factors impacting the business ecosystem;
- Risk and Compliance Management
- Efficiently and effectively identify, evaluate and manage risk to the business while addressing the evolving regulatory requirements;
- Information and Privacy Protection
- Identify, prioritize, and protect sensitive or high value business assets;
- Attest and Assure
- Using non-financial-statement reports, including SSAE 16, agreed upon procedures and customized attestations, deliver confidence in companiesâ€™ organizationâ€™s policies, controls, processes and security;
- Identity and Access Management
- Provide integrated and secure processes, services, and infrastructure to enable appropriate controls over access to critical systems and assets;
- Incident and Crisis Management
- Plan, detect, investigate, and react timely and thoroughly to security incidents, breaches and compromises.Position/Program Requirements
Minimum Year(s) of Experience: 5 years of experience in IT Risk Management including experience in Cybersecurity & Privacy.
Minimum Degree Required: Bachelor's degree in Accounting, Finance/Economics, Management Information Systems, Computer Science, Business Administration, Statistics Mathematics, Regulatory Compliance, Science, Technology, Engineering & Mathematics and/or other business fields of study.
Certification(s) Preferred: Obtained or demonstrates an active pursuit of one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) certifications, or other related certifications. Knowledge Preferred:
Demonstrates extensive knowledge of and/or proven level of success in developing and implementing cybersecurity, privacy and IT risk strategies, preferably for a global network of professional services firms, including in the following areas:
Operational cybersecurity, privacy and/or IT risk knowledge, and/or standard industry practices relating to these areas, in order to assist clients with assessing their posture and improving their program;
Common cybersecurity, privacy or technology industry standards/ regulations (e.g. ISO 27001/27002, NIST 800 series, COBIT, PCI-DSS, ITIL, HIPAA / HITECH, EU Safe Harbor, CANSPAM) especially as it relates to building a program and/or managing internal controls, risk assessments, business process and internal IT control testing or operational auditing;
Providing consultancy services for cybersecurity, privacy or IT risk strategy, policies, organization and governance;
Common issues facing clients who provide products and services in several sectors that include, but are not limited to, Financial Services, Manufacturing, Retail, Media and Entertainment, and Energy; and,
- Emerging technologies, such as cloud, Internet of Things (IoT) and advanced analytics, is a plus.
Demonstrates extensive level of ability and/or proven success with assisting on client-facing engagement delivery, practice development, business development and thought leadership, preferably for a global network of professional services firms, including in the following areas:
Managing and/or contributing to project planning, engagement administration, budget management, and successful completion of engagement workstream(s);
Writing, communicating, facilitating, and presenting cogently to and/or for all levels of industry audiences, clients and internal staff and management;
Delivering clear requests for information and communicating potential conflicts, assisting business development teams responsible for writing and presenting proposals to prospective clients, and fostering and maintaining lasting relationships with senior executives;
Identifying and addressing client needs while displaying the ability to contribute to the development of a business vision and manage implementation efforts with complex project management capabilities; and,
Understanding personal and team roles; contributing to a positive working environment by building solid relationships with team members; and providing guidance, clarification and feedback to less experienced staff.
PwC is a network of firms in 157 countries with more than 184,000 people committed to delivering quality in assurance, tax and advisory services.