Technical Information Security Officer
  • United Kingdom London
  • PwC UK
1 year before
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

Technical Information Security Officer (TISO)

Senior Manager

Summary

Our vision for the PwC Network, fuelled by our Purpose, is to be the most trusted and relevant professional services business in the world - one that attracts the best talent and combines the most innovative technologies, to help organisations build trust and deliver sustained outcomes.

If you are seeking an exciting career with the scope to grow your cyber security skills through major change on a global scale, then a role within the PwC Network Information Security team will empower you to do so.

Overview

We have increased our commitment to becoming an organisation recognised for technology expertise, which has resulted in an acceleration of the use of disruptive, innovative and emerging technologies.

We are expanding our security capabilities to support these growth ambitions and are looking for an experienced Information Security Officer with technical architecture experience to support this strategic initiative. The TISO (Technical Information Security Office) team will work closely with our innovation and technology teams across the business to identify opportunities to integrate security across their programmes of work.

The TISO will identify and create security requirements to explore the utilisation of existing service offerings and identify new opportunities to improve the Firm and Network’s information security protection. Whether it be integrating solutions, driving operational governance processes or providing technical requirements back to our enterprise security teams, the TISO team provides the security expertise to accelerate innovation and emerging technology to enable us to deliver maximum value to the PwC UK firm and our clients.

About The Role

We are looking for someone who can help solve novel security problems, occasionally in original, clever, and inventive ways and who can collaborate with a wide range of internal teams to support the rollout of new and emerging technologies where clear guidelines do not yet exist, whilst supporting our security agenda and protecting our data and reputation. In this role you will:

Assist in assessing products using emerging technology from a security perspective and identify security requirements.
Support the creation of Cyber Security governance frameworks and processes aligned to the spirit of the Network Information Security Policy to meet business needs.
Identify and promote opportunities to enhance client offerings.
Support the delivery of technology transformation programmes and evangelise DevSecOps concepts.
Help create opportunities to increase security capability in our innovation teams, and technology capability in our security teams.

Key Responsibilities

Identifying emerging threats and risks and potential controls to mitigate those risks.
Identifying, planning for and communicating disruptive threats and risks.
Experimenting and learning alongside the business.
Identifying growth opportunities for security within the firm.
Articulating potential security requirements with regard to adoption of new technologies.
Creating/supporting the design of appropriate security governance.
Assessing any risks associated with proposed changes in recommended architectures and design patterns, and advising on important security-related technologies.
Evangelising the principles of best security practices.
Providing people management, development and oversight of more junior team members.

Not the role for you?

Did you know PwC offers flexible career arrangements and contract work? Learn more.

The Skills We Look For

The PwC Professional is our global framework for defining and encouraging leadership at all levels. Learn more.

The Deal

‘The Deal’, our firmwide Employee Value Proposition, empowers our people to be the best they can be. Learn more.

Our commitment to you

We’re committed to building a culture that empowers all of our people to thrive and feel a sense of belonging at PwC. Learn more.

Application support

If you’re a person with a disability, if you’re neurodivergent, or if you have a condition that you believe may affect your performance during our selection process, we’ll be happy to make reasonable adjustments to our processes for you. Learn more.

Business Solutions



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0008   Knowledge of applicable business processes and operations of customer organizations.
  • K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0059   Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0087   Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0092   Knowledge of technology integration processes.
  • K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • K0151   Knowledge of current and emerging threats/threat vectors.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0180   Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0622   Knowledge of controls related to the use, processing, storage, and transmission of data.

Required Skills
  • S0018   Skill in creating policies that reflect system security objectives.
  • S0059   Skill in using Virtual Private Network (VPN) devices and encryption.
  • S0138   Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

Required Abilities
  • A0128  Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • A0161  Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).