Cybersecurity & Privacy - Senior Associate
Location:
McLean , Virginia
Posted:
December 09, 2016
Reference:
89652BR
PwC/LOS Overview
PwC is a network of firms committed to delivering quality in assurance, tax and advisory services.

We help resolve complex issues for our clients and identify opportunities. Learn more about us at www.pwc.com/us.

At PwC, we develop leaders at all levels. The distinctive leadership framework we call the PwC Professional (http://pwc.to/pwcpro) provides our people with a road map to grow their skills and build their careers. Our approach to ongoing development shapes employees into leaders, no matter the role or job title.

Are you ready to build a career in a rapidly changing world? Developing as a PwC Professional means that you will be ready
- to create and capture opportunities to advance your career and fulfill your potential. To learn more, visit us at www.pwc.com/careers.

What will you do if you work in Assurance at PwC?
You'll ask questions and test assumptions. You'll help determine if companies are reporting information that investors and others can rely on. You'll help businesses solve complex issues faced by management and boards. You'll serve the public interest and the capital markets by conducting quality audits. Visit http://pwc.to/pwcassurance for more information on PwC's Assurance practice.

The world is quickly changing, that's why PwC is quickly adapting. We're capitalizing on trends that will impact corporate reporting.

Our focus is on globalization, technology, sustainability and environmental reporting, population shifts and regulation. We combine skills and experience to help our clients address their challenges.

Job Description
Boards of Directors and executive management recognize the ever increasing importance of effective risk management efforts in meeting their organization's strategic objectives.



PwC's Risk Assurance practice has developed a holistic approach to risk that protects businesses, facilitates strategic decision making and enhances efficiency. Our holistic approach is complimented by the extensive risk and controls technical knowledge and sector-specific experience our Risk Assurance professionals possess.

The end result is a risk solution that is tailored to meet the unique needs of a company.

Areas where our Risk Assurance practice can bring value to an organization include:

- Leveraging industry and technical expertise to assist management to address more effectively risks associated with their business
- Assisting management in the assessment of project risks and controls
- Enhancing internal audit functions to further align to company strategy and risk
- Reducing company costs through strategic internal audit outsourcing and co-sourcing solutions
- Increasing value and reducing costs of compliance-related activities
- Identifying opportunities for companies to effectively mitigate risk and improve business performance
- Applying the concepts of Enterprise Risk Management to help companies identify, assess, mitigate and proactively consider emerging risks

The Cybersecurity, Privacy and IT Risk team is part of Risk Assurance. Our team of professionals help clients develop a vision for their cybersecurity and privacy program, design and build a sustainable and agile program, operate aspects of the program and provide an independent review and assurance of their program to Management or 3rd party stakeholders.

Cloud services are being adopted globally to enable business advantages of quick deployment, cost-effectiveness and state-of-art functionality. However, the clouds have a gap between users and service providers in cloud security, data protection and privacy. Digital business requires a new view on cloud security, business needs and technology strategy.

An emerging practice at PwC is that of Cloud Risk Assurance that assesses cloud threats, business and IT operations risks, and compliance and governance program effectiveness. PwC conducts audits for overall cloud operations as well for specific cloud platforms such as O365, SFDC.com, AWS, Azure, WorkDay and ServiceNow.

Our Key Services are:
- Cloud cDiscoveryTM- Discover and assess risk of cloud services and their usage across an organization
- Cloud operations cLifecycleTM – Build risk assurance for every stage of the cloud operations lifecycle
- Cloud lifecycle for services – Assess the controls and risk management for cloud services such as O365, SFDC.com, AWS, Azure, WorkDay and ServiceNow
- Cloud Audit – Audit of cloud risk domains against assertions, assess cloud risk management program and operations maturity
- Cloud Service Provider Assessments – Assess third party vendor risk management programs and cloud attestations
- Cloud Risk and Compliance Management
- Efficiently and effectively identify, evaluate and manage risk to the business while addressing the evolving regulatory requirements
- Cloud Information and Privacy Protection
- Identify, prioritize, and protect sensitive or high value business assets in the cloud
- Cloud Identity and Access Management
- Provide integrated and secure processes, services, and infrastructure to enable appropriate controls over access to critical systems and assets.

Position/Program Requirements
Minimum Year(s) of Experience: 2 years of experience in Cloud security operations, IT Risk Management and/or IT Internal Audit including experience in Information Security & Technical Privacy related to cloud services.


Minimum Degree Required: Bachelor's degree in Accounting, Finance/Economics, Management Information Systems, Computer Science, Business Administration, Statistics Mathematics, Regulatory Compliance, Science, Technology, Engineering & Mathematics and/or other business fields of study.


Certification(s) Preferred: Obtained or demonstrates an active pursuit of one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) certifications, or other related certifications. Knowledge Preferred:

Demonstrates extensive knowledge of cloud IT stack extending from on premise to cloud in one or more areas:
- Virtualization to infrastructure, systems integrations, networks, middleware, applications and APIs, services and connected applications, services, mobile, social and big data;
- Cloud operations and technology tools used to protect data and privacy, monitor and reporting (eg DLP, SIEM, GRC, firewalls, etc);
-Major cloud service platforms security functionality for IaaS (eg: AWS, OpenStack), PaaS (eg: Azure) and SaaS (eg: ERP, HCM, CRM, etc).

Demonstrates thorough knowledge of performing cloud IT Risk and Security assessments across a broad range of technologies, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards.

Demonstrates thorough knowledge of providing consultancy and assurance services for Information Security cloud strategy, policies, organization and governance, including the participation in proposal development efforts.

Demonstrates thorough knowledge and some exposure to the common cloud issues facing clients who provide products and services in several sectors that include, but are not limited to Financial Services, Manufacturing, Retail, Media and Entertainment, and Energy.

Demonstrates thorough experience as a cloud assurance consultant, auditor or Information Security analyst in a professional services firm or large enterprise, which includes:
- Interfacing with clients on control solutions;
- Leading the planning and execution of projects in the following areas: Information Security, Risk Management, Technical Privacy/Compliance, IT Security Audit, and / or IT Risk Management.

Demonstrates aspirations to have a broad career in IT Risk & Security Assurance.


Skills Preferred:

Demonstrates thorough abilities with performing the following as it relates to Information Security strategy, organization, policy and Governance: information security, IT audits, risk assessments, network and application penetration testing and security assessments, intrusion detection, vulnerability/risk validation, and secure application development.

Demonstrates thorough abilities to identify and address client needs: actively participating in client discussions and meetings; communicating a broad range of Firm services; managing engagements including preparing concise, accurate documents and balancing project economics management with the occurrence of unanticipated issues.

Demonstrates thorough abilities as a team leader: creating a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members; providing candid, meaningful feedback in a timely manner; and keeping leadership informed of progress and issues.



A little about us:
PwC is a network of firms in 157 countries with more than 184,000 people committed to delivering quality in assurance, tax and advisory services.

Know someone who would be interested in this job? Share it with your network.