Line of Service

Advisory

Industry/Sector

FS X-Sector

Specialism

Risk

Management Level

Associate

Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisation's security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure.

Why PWC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.

Job Description & Summary

We are seeking a highly skilled and experienced Cybersecurity/Risk Consulting Associate to join our Risk Consulting team. As a Cybersecurity Associate, you will be responsible for delivering high-quality cybersecurity, privacy and risk management services to our clients. You will work on various types of projects, including but not limited to security assessments, DLP, DAM, CASB, Data Discovery, Data Classification, Encryption, DSPM, Zero Trust solutions, cybersecurity audit projects, privacy assessments, risk assessments, cyber maturity assessments, security configuration review projects, industry framework-based reviews, and more. The ideal candidate should possess strong project management skills, technical expertise in cybersecurity, and a comprehensive understanding of best practices in the field.

Responsibilities:

· Develop project plans, set project goals, and allocate resources effectively.

· Deliver, monitor project progress, identify and resolve issues, and manage client expectations.

· Track project milestones, deliverables, and timelines to ensure timely completion.

· Provide regular project status updates to stakeholders, including clients and senior management.

· Team Leadership and Mentoring:

· Foster a collaborative and inclusive work environment that encourages professional growth.

· Stay updated on industry certifications and encourage team members to pursue relevant certifications.

· Client Relationship Management:

· Build and maintain strong relationships with clients, acting as their trusted advisor in cybersecurity and risk management.

· Understand clients' business objectives and tailor consulting services to meet their specific needs.

· Identify opportunities for additional services and upselling based on clients' evolving cybersecurity requirements.

· Regularly communicate with clients to provide project updates, address concerns, and ensure client satisfaction.

· Managing Data Protection (DLP, CASB, DAM, Data Discovery, Data Classification, Encryption, Zero Trust, DSPM) Projects:

· Coordinate and oversee Data Protection projects, including scoping, planning, and execution.

· Deploy tools and analyze security incidents and align project goals with business objectives

· Collaborate with clients to understand their specific security requirements and tailor policy development accordingly.

· Prepare detailed documents for the policies, procedures, implementation report outlining relevance and effectiveness

· Managing Cybersecurity Audit Projects:

· Plan and execute cyber audit projects based on industry standards and best practices.

· Evaluate clients' information systems, processes, and controls to assess compliance with relevant regulations and frameworks.

· Identify gaps and weaknesses in existing cybersecurity controls and recommend remedial actions.

· Review and assess the effectiveness of clients' cybersecurity policies, procedures, and incident response plans.

· Prepare audit reports summarizing findings, recommendations, and areas for improvement.

· Conduct ISO audits to evaluate clients' compliance with ISO 27001 and other relevant standards.

· Assess clients' information security management systems and processes.

· Identify non-compliance issues and provide recommendations for achieving ISO certification.

· Collaborate with clients to develop and implement necessary controls and security measures.

· Privacy Assessments:

· Assist clients in developing Data Protection and privacy policies.

· Evaluating the data protection and privacy practices

· Conducting Privacy Impact Assessments

· Supporting and guiding clients in adhering to the complex web of relevant national and international regulations (e.g. GDPR, DPDPA)

· Cybersecurity Maturity Assessments:

· Evaluate clients' cybersecurity maturity levels based on industry frameworks (e.g., NIST CSF).

· Assess the effectiveness of clients' security controls and programs.

· Identify gaps and areas for improvement to enhance clients' cybersecurity posture.

· Develop and present maturity assessment reports, including recommendations for enhancing cybersecurity maturity.

· Cybersecurity Policies and Procedures:

· Develop and review cybersecurity policies, standards, and procedures for clients.

· Ensure policies are aligned with industry best practices, regulatory requirements, and clients' specific needs.

· Collaborate with clients to establish governance frameworks for policy implementation and enforcement.

· Conduct policy gap assessments and recommend updates or enhancements as needed.

· Assist clients in developing incident response plans, disaster recovery plans, and business continuity plans.

· Provide guidance on policy enforcement, employee awareness, and compliance monitoring.

· Stay updated on evolving cybersecurity threats and regulations to ensure policy relevance and effectiveness.

· Security Awareness and Training:

· Develop and deliver cybersecurity awareness and training programs for clients' employees.

· Educate clients on best practices for cybersecurity, including social engineering awareness, password hygiene, and data protection.

· Stay updated on emerging threats and trends and incorporate relevant information into training programs.

· Conduct phishing simulations and other security awareness activities to assess and improve clients' security awareness levels.

· Regulatory Compliance:

· Stay informed about relevant cybersecurity regulations and compliance requirements.

· Assist clients in understanding and complying with regulatory obligations.

· Conduct compliance assessments to evaluate clients' adherence to applicable regulations.

· Develop and implement compliance frameworks and controls.

· Research and Thought Leadership:

· Conduct research on cybersecurity topics and contribute to the development of thought leadership materials (whitepapers, articles, etc.).

· Present at industry conferences and events, showcasing expertise and promoting the consulting firm's capabilities.

· Engage with industry forums and professional networks to stay connected with the cybersecurity community.

Good to have requirements:

· Regular MBA

· Experience managing multiple projects simultaneously.

· No gaps in education/ experience (gaps if any, must be justifiable)

Mandatory Skill Sets:

· Strong project management skills with the ability to lead and manage multiple projects simultaneously.

· Experience with DLP, CASB, DAM, Encryption, DSPM, Zero Trust Implementation, Monitoring & Assessment along with data discovery and data classification

· In-depth knowledge of cybersecurity frameworks, standards, and best practices (e.g., ISO 27001, NIST CSF, DPDP Act).

Preferred Skill Sets:

· Excellent communication and presentation skills with the ability to effectively convey complex technical concepts to non-technical stakeholders.

· Strong analytical and problem-solving skills.

· Ability to work independently and collaboratively in a team environment.

· Attention to detail and commitment to delivering high-quality work.

Years of Experience required:

· Proven experience (2-5 years) in a similar role, preferably in a consulting environment

Education Qualification:

· Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field.

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor of Technology

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Data Confidentiality

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing {+ 11 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship?

Government Clearance Required?

Job Posting End Date