IN-Senior Associate Compliance Management Strategy & Governance Advisory Mumbai

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Risk

Management Level

Senior Associate

Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisation's security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure.

*Why PWC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. "

Job Description & Summary: In-depth knowledge and hands-on experience in VAPT , including:  Web Application Vulnerability Assessment & Penetration Testing, Mobile Application Vulnerability Assessment & Penetration Testing , API and Network Penetration Testing, Cloud Security, Network Security, SOC Monitoring and Incident management.

Responsibilities:

• Conduct Risk Assessment
• Create Compliance Framework
• Review/ create Policies and Procedures
• Conduct/ manage Training and Awareness content
• Compliance metrics and tracking
• Maintain Project Progress updates
• Manage Phishing Assessments
• Review Disciplinary process
• Helping in defining Security Strategy
• Perform Quarterly Reviews
• Manage Security Certifications
• Advise on technology solutions and Architecture
• Reporting to Board, Steering Committee, Digital and Technology Committee
• Coordinate Business Impact Analysis
• Review/ coordinate Business Continuity
• Develop a comprehensive third-party risk management program
• Manage vendor/supplier/third party due diligence process including ongoing monitoring
• Develop and maintain relationships with vendors/suppliers/third parties to ensure compliance with corporate information security policies and standards
• Develop processes to respond to incidents involving vendors/suppliers/third parties
• Stay current on emerging threats, trends, best practices, industry standards, regulations, etc.
• Manage and develop Vendor onboarding process
• Manage NDA and BGV
• Conduct Privacy Risk Assessment (PRAs
• Support to implement Privacy By Design
• Manage Data Subject Rights
• Drafting/updating policies and procedures under the company’s data privacy framework
• Managing records of processing activities

Mandatory skill sets:

GRC

• Strong understanding of security frameworks and standards such as ISO 27001, NIST, etc.
• Experience of performing assessment using NIST CSF, ISO 27xxx, NIST 800-53. Implementation and/or assurance experience with IT governance frameworks (e.g. COBIT, NIST, ISO)
• Experience working with regulatory requirements SEBI & RBI guidelines and frameworks, etc.
• Strong knowledge of IT infrastructure, application security, and data protection strategies.
• Detail-oriented with a focus on compliance and process improvement.
• Experience in coordinating and overseeing internal/external audits and vulnerability assessments (VAPT) to address findings and improve security posture.
• Identify , assess, and manage security risks, integrating them into the enterprise risk management program.
• Experience in conducting comprehensive third-party security assessments to mitigate risks associated with external vendors
• Monitor and report on key risk indicators (KRIs) and metrics to ensure proactive identification and escalation of risks.

Preferred skill sets:

• Strong organizational, teamwork, multitasking & time management skills.
• Outstanding communication abilities. Ability to effectively communicate the required recommendations.

Years of experience required:

• 4+ Years

Education qualification:

• Minimum Qualification: BE/ BTech

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor of Engineering

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Governance Risk and Compliance Platform

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Cloud Security, Communication, Conducting Research, Creativity, Cyber Defense, Cyber Threat Intelligence, Embracing Change, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Learning Agility, Malware Analysis, Malware Detection Tools {+ 16 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date