SRC NIST Maturity Assessment Senior Associate

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively.

As a risk management generalist at PwC, you will provide advisory and practical support to teams across a wide range of specialist risk and compliance areas.

Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow.

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

• Respond effectively to the diverse perspectives, needs, and feelings of others.
• Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems.
• Use critical thinking to break down complex concepts.
• Understand the broader objectives of your project or role and how your work fits into the overall strategy.
• Develop a deeper understanding of the business context and how it is changing.
• Use reflection to develop self awareness, enhance strengths and address development areas.
• Interpret data to inform insights and recommendations.
• Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.

The NIST experienced Senior Associate will play a vital role in identifying cyber risks and describing the desired outcomes. 

The ideal candidate should have a strong understanding of NIST CSF (NIST Cybersecurity Framework) and other NIST and 

industry recognized standards, possess excellent communication and organizational skills, and be able to work independently as 

well as part of a team.  

 

The NIST Experienced Senior Associate is expected to assist in the following activities: 

• Independently perform NIST CSF Maturity Assessments in collaboration with the client’s sponsor, identify and engage  

with stakeholders across different functional areas, including but not limited to the business, IT, Security, Legal &  

Compliance, and HR. 

• Understand clients’ security organization, including roles and responsibilities, interactions with other enterprise functions 

and role of third parties, etc. 

• Participate or facilitate workshops and/or individual interviews to identify, document gaps and current state of  

Cybersecurity. 

• Review IT and security architectures, design patterns, and other technical documentation. 

• Draft assessment reports including Executive Summary, observations/recommendations/peer comparisons, benchmark  

etc.  

• Suggest Cybersecurity strategic initiatives to achieve future/target state. 

• Create a roadmap for identified cyber initiatives. 

• Conduct NIST CSF, NIST 800-53, NIST 800-171, ISO, CRI etc. gap assessments or compliance testing. 

• Perform evidence validation to ensure compliance. 

• Define testing and sampling procedures. 

• Develop SOW’s, RFP’s in alignment to client’s requirements and lead the CoE. 

• Lead business development efforts in alignment to NIST CoE requirements. 

 

Years of Experience   

• 4-8 years of Information Security industry experience and min 3+ relevant experience in NIST CSF Maturity Assessments, ISO,FFIEC, Cloud security CRI (desired). 

 

Position Requirements  

• Conduct Maturity assessments based on NIST frameworks. 

• Perform gap assessments and Control testing using NIST standard/frameworks. 

• Good understanding of compliance standards/frameworks like ISO 27001/27002, NIST, COBIT, SOX, GLBA, SSAE16/SOC 2, etc. will be an advantage. 

• Excellent written and oral communication skills, can express thoughts clearly, knows how to listen, take detailed notes and contribute in a team environment. 

 

Desired Knowledge  

• NIST CSF, NIST 800-53, NIST 800-171, Cloud security and other industry standards such as ISO, PCI, HITRUST etc. 

• Excellent leadership, teamwork and collaboration skills. 

• Ability to quickly acquire and utilize knowledge on new technologies and solutions, emerging threats and vulnerabilities. 

 

Desired Skills  

• Excellent MS-Office skills 

• Results oriented, high energy, self-motivated. 

• Flexible to learn cross-skills 

 

Professional and Educational Background  

• MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems). 

• Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC). 

Additional Information  

Travel Requirements: Not Applicable 

• Line of Service: Advisory 

• Industry: Consulting 

• Must be ready to work on-site full-time (timings will be 2 pm or sooner until 11 pm IST)  

Minimum Years of Experience: 

3 - 8 years

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Anti-Money Laundering (AML), Coaching and Training, Communication, Compliance Advisement, Compliance Oversight, Compliance Program Implementation, Compliance Risk Assessment, Confidential Information Handling, Contract Review, Contractual Risk Mitigation, Contractual Risk Monitoring, Contract Writing, Creativity, Crisis Management, Data Loss Prevention (DLP), Data Security, Discretion and Business Ethics, Embracing Change, Emotional Regulation, Empathy, Financial Risk Management {+ 32 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date