Senior Associate - Cyber Security (Non-pentest)

Line of Service

Assurance

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

We are PwC, a global professional services company and a Big Four firm. We are seeking candidates who have experience in cybersecurity advisory/assessment for the role of Senior Cybersecurity Consultant within the Cybersecurity and Privacy team.The role may be based at either our Hanoi office or Ho Chi Minh City office. Joining PwC, the successful candidates will have opportunities to collaborate with cybersecurity experts throughout the PwC global network and deliver cybersecurity services for clients in various sectors.

Work in a highly innovative and transformative business

Work/life balance with access to flexible work arrangements

Professional certification sponsorship – to develop your talent and enhance knowledge

What will your typical day look like? 

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organisation that provides an exceptional career experience with an inclusive and collaborative culture? 

 

Responsibilities: 

• Deliver cybersecurity and privacy assessments and advisory services such as cyber maturity assessments in accordance with NIST CSF and assessments of compliance with international standards such as ISO 27001, PCI-DSS, SWIFT, GDPR, etc.and local cybersecurity regulations such as Cybersecurity Law 

• Deliver multiple risk assurance services, including IT security vendor selection, cyber security project management, vulnerability assessment, penetration testing, incident response, threat hunting, and SOC 1,2,3 (ISAE) assessment 

• Identify cybersecurity risks and design controls tailored to the client’s environmentInterview key stakeholders and assess the effectiveness of cyber security design and operations 

• Design and develop cyber security documents including policies, processes, procedures, and guidelines 

• Consult and advise clients on cybersecurity strategies and roadmaps 

• Perform security configuration reviews for networks and systems in accordance withgood practices/standards 

• Engage in specific types of cyber security advisory and consulting projects related to DevSecOps, DLP, IAM, PAM, cloud security operations, etc. 

• Supervise and review work actively, providing support to other team members 

• Lead the team to challenge the status quo and exceed expectations 

• Work actively in supporting and monitoring business development areas and in following up on proposal processing in accordance with client expectations 

• Continuously research and follow up on the latest IT security and privacy challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc.)  

 

You are someone with: 

• 4+ years of proven experience in IT security operations, system security configuration review, IT security compliance assessment and/or cybersecurity audit 

• Experience in applying IT and cybersecurity frameworks and standards (such as NIST, CIS, COBIT, ISO standards, etc.) in the cybersecurity assessment process 

• Experience in identifying, assessing and reviewing local cybersecurity regulations such as Cybersecurity Law, Circular 09/2020 in Banking Industry, etc. 

• Experience in cybersecurity risk assessment and design and/or operation of cybersecurity controls 

• Experience in IT system development (SDLC) methodology and/or information security management systems (ISMS)  

• Experience in operating and/or implementing IT security solutions including firewalls, IDS, IAM, PAM, WAF, DLP, etc. 

• Experience in specific cyber security processes and technology such as incident response, DevSecOps, DLP, IAM, PAM, etc. 

• Knowledge of enterprise information security architecture 

• Ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and non-technical audiences 

• Excellent written and verbal communication skills 

• Self-motivation, excellent teamwork, commitment and confidence 

• Preference will be given to candidates who hold one of the following industry certifications: OSCP, OSDA, SSCP, CySA+, CCSK, CEH, CHFI, ECIH, CCNP, CREST, SANS, GIAC or equivalent 

• Preference will be given to candidates who hold relevant cloud certifications: AWS, Azure, GCP 

• Strong preference will be given to candidates who hold one of the following professional certifications: CISSP, CCSP, CSSLP, CISM, CISA, CRISC, CIA, PMP, ISO 27001 LA or equivalent 

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Learning Agility, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture {+ 8 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Up to 40%

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date