Cyber, Risk and Transformation Associate

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Associate

Job Description & Summary

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively.

As a risk management generalist at PwC, you will provide advisory and practical support to teams across a wide range of specialist risk and compliance areas.

Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities.

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

• Apply a learning mindset and take ownership for your own development.
• Appreciate diverse perspectives, needs, and feelings of others.
• Adopt habits to sustain high performance and develop your potential.
• Actively listen, ask questions to check understanding, and clearly express ideas.
• Seek, reflect, act on, and give feedback.
• Gather information from a range of sources to analyse facts and discern patterns.
• Commit to understanding how the business works and building commercial awareness.
• Learn and apply professional and technical standards (e.g. refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements.

As a Associate, you will be aligned to our Strategy, Risk, & Compliance team which is focused on helping clients with their cybersecurity risk, compliance and governance efforts. You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans. you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. 

Position Requirements  

• Assess the effectiveness of control frameworks to mitigate risks and achieve organizational goals. 

• Stay updated on relevant regulations, guidelines, and industry best practices to minimize risk and ensure compliance. 

• Recommend and implement corrective action plans to address and mitigate identified risks. 

• Conduct internal security evaluations to ensure compliance with regulatory and organizational standards. 

• Possess strong experience in conducting organization standard/policy gap and maturity assessments using industry best practices (NIST/ISO/PCI, etc.). 

• Analyze the security posture of organizations by assessing the design and implementation of security controls. 

• Strong understanding of cybersecurity and risk control frameworks and their application in supplier management. 

• Experience in vendor risk management, outsourcing risk management, technology risk, and information security. 

• Comprehensive understanding of various components of an enterprise cybersecurity program, including governance structures, risk and threat management, key controls, key processes, security architecture, and security training programs. 

• Recommend cybersecurity action plans to help organizations achieve their overall cybersecurity objectives. 

• Hands-on experience and proficiency in creating, writing, and maintaining cybersecurity standards and policies. 

• Experience partnering with various functions within the cybersecurity organization to capture and document services and associated core processes, work instructions, and templates. 

• Perform various assessments, including maturity assessments, audit readiness, controls design and effectiveness, planning, and framework assessments. 

• Develop program objectives for the design framework, encompassing the following elements: 

• Establishment of the first, second, and third lines of defense. 

• Formulation of clear vision and mission statements. 

• Conducting current state and target state assessments. 

• Planning and estimating the roadmap for the program. 

• Implementing robust program governance. 

• Creating target operating models for compliance standards such as NIST, PCI-DSS, HIPAA, HITRUST, ISO, and COBIT. 

• Define and assess cloud architecture, including the development of cloud reference architecture, target state cloud architecture, compliance requirements, and migration strategies. 

• Strong knowledge and experience with GRC tools, such as ServiceNow, MetricStream, OpenPages, Archer, and data analytics and visualization tools like PowerBI, Alteryx, and Tableau. 

• Proven experience in implementing effective and innovative technology solutions. 

Desired Knowledge  

• Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute to a team environment.  

• Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance. 

• Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs. 

• Ability to create domain specific training content and deliver trainings effectively 

• Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities. 

• Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture. 

• Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in client’s security strategy plans and architecture artifacts.  

Professional & Educational Background  

• MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems). 

• Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) 

Additional Information  

Travel Requirements: Not Applicable 

• Line of Service: Advisory 

• Industry: Consulting 

• Must be ready to work on-site full-time (timings will be 2 pm or sooner until 11 pm IST) 

Minimum Years of Experience 

1 - 3 years 

 

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Anti-Money Laundering (AML), Coaching and Training, Communication, Compliance Advisement, Compliance Oversight, Compliance Program Implementation, Compliance Risk Assessment, Confidential Information Handling, Contract Review, Contractual Risk Mitigation, Contractual Risk Monitoring, Contract Writing, Crisis Management, Data Loss Prevention (DLP), Data Security, Discretion and Business Ethics, Emotional Regulation, Empathy, Financial Risk Management, Governance Framework, Inclusion, Intellectual Curiosity {+ 27 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date