Compliance Testing-Operational Risk & Controls Specialist-Senior Associate

Job Description

DescriptionLine of ServiceInternal Firm ServicesIndustry/SectorNot ApplicableSpecialismManaged ServicesManagement LevelSenior AssociateJob Description & SummaryA career in Risk Management, within Internal Firm Services, will provide you with the opportunity to advance and foster integrity based decision making and conduct by PwC professionals throughout our organisation. You ll focus on promoting and monitoring compliance with applicable external laws and regulations as well as internal policies and procedures to help manage PwC s regulatory, litigation, and reputational risk.Our Compliance team is responsible for oversight of all Compliance activities by our PwC professionals. As part of the team, you ll help promote and monitor compliance with applicable external and internal policies, laws and regulations and subsequently, manage PwC s regulatory, litigation and reputational risk.To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.As a Senior Associate, youll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

• Use feedback and reflection to develop self awareness, personal strengths and address development areas.
• Delegate to others to provide stretch opportunities, coaching them to deliver results.
• Demonstrate critical thinking and the ability to bring order to unstructured problems.
• Use a broad range of tools and techniques to extract insights from current industry or sector trends.
• Review your work and that of others for quality, accuracy and relevance.
• Know how and when to use tools available for a given situation and can explain the reasons for this choice.
• Seek and embrace opportunities which give exposure to different situations, environments and perspectives.
• Use straightforward communication, in a structured way, when influencing and connecting with others.
• Able to read situations and modify behavior to build quality relationships.
• Uphold the firms code of ethics and business conduct.

You will need to demonstrate technical understanding/experience across the following areas of Cyber Security;

• Knowledge of cloud computing environments.
• Knowledge of characteristics of SaaS, PaaS and IaaS solutions.
• Evaluating the control environment including review of compensating controls and risk mitigation.
• Information Security assessment processes, including audit, vulnerability scanning, and security policy and standards review.
• Creating or managing IT security policies and standards.
• Experience in reviewing or generating assurance reports such as SOC, ISO, PCI/DSS etc.
• Understanding of Information Security fundamentals across multiple domains, including (but not limited to) security management, security architecture, application security, network security, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, laws, investigations, and ethics.

Key Responsibilities

• Perform risk assessment on suppliers and identify risk domains.
• Conduct remote/onsite security assessments.
• Review policy and procedures relating to information security and data privacy.
• Ensure that potential issues are raised promptly and discussed with management to identify options to mitigate risk.
• Identify, document and communicate control gaps/deficiencies to internal and external stakeholders
• Demonstrate client management skills throughout the assessment process.
• Identify process efficiencies/enhancements to keep assessment programs in line with industry best practices.
• Perform other duties as assigned.
• Manage a large and diverse portfolio of Vendors for the firm;
• Negotiate remediation plan with suppliers
• Maintain open communication channels with senior stakeholders through regular governance sessions, escalating appropriately as and when required.
• Own the quality of all client outputs and ensure all client and internal document repositories are accurate and up to date

Essential Criteria

• 2 or more years experience in professional roles involving information security, data privacy and/or controls testing.
• Knowledge of information risk and compliance principles. Broad understanding of security technology and related risk and compliance issues
• Senior stakeholder relationship management
• Excellent attention to detail and a passion for delivering high quality output for clients

Desirable Criteria

• Cyber Security related certifications including ISO27001 Lead Auditor, CISA, CISM, COBIT, CISSP, CIPM
• Degree in Information Technology or related subject or equivalent experience
• Strong understanding of information security controls & ISMS standards such as ISO 27001/2, COBIT and NIST
• Experience with SOC2 compliance standards

Education (if blank, degree and/or field of study not specified)Degrees/Field of Study required: Degrees/Field of Study preferred:Certifications (if blank, certifications not specified)Desired Languages (If blank, desired languages not specified)Travel RequirementsNot SpecifiedAvailable for Work Visa Sponsorship NoGovernment Clearance Required NoJob Posting End DateJuly 31, 2021,

Keyskills :
it securityclient managementaccess controldata privacyit security policiesiso 27001physical securitynetwork securitysecurity policyrisk assessmentcyber securityrisk managementcloud computinginformation risk