IT GRC Security Issue Management
  • United Kingdom London
  • PwC UK
1 year before
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You’ll focus on being at the forefront of designing, developing, and implementing information technology, including hardware, software, and networks, that enhances the security of internal information and protects our firm’s intellectual assets.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

Responsibilities

PwC Professional skills and responsibilities for this management level include but are not limited to

As a Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution.

Preferred Knowledge/Skills: Demonstrates extensive knowledge and/or a proven record of success in the following areas:

  • Understanding information security policy and standards principles or technical domain related to Information Security Risk, Policy and Standards that is applied in the context of a broader understanding of Information Security and related systems and processes;
  • Contributing to the development of new subject matter or technical domain specialization related to Information Security Risk, Policy and Standards;
  • Resolving multi-faceted problems by continuously applying significant independent judgment and by collaborating with others;
  • Influencing others through a small team of direct reports, through work on projects and in teams, and through leading portions of larger projects;
  • Encouraging improvement and innovation within Information Security Risk, Policy and Standards and nurturing and developing less-experienced staff through coaching and written and verbal feedback; and,
  • Performing Information Security Risk, Policy and Standards tasks with autonomy.

Demonstrates extensive abilities and/or a proven record of success in the following areas:

  • Managing multiple relationships and stakeholders throughout major transformation;
  • Balancing business stakeholders and a central technology service organization;
  • Navigating a matrix organization;
  • Collaborating with multiple stakeholders across functional and technical skillsets; and,
  • Navigating a global professional services organization, preferably in the financial services industry.

Basic Qualifications

Minimum Degree Required:

High School Diploma

Minimum Years Of Experience

4 year(s) progressive professional roles involving information security and/or IT management.

Preferred Qualifications

Degree Preferred:

Bachelor Degree

Not the role for you?

Did you know PwC offers flexible career arrangements and contract work?

The Skills We Look For

The PwC Professional is our global framework for defining and encouraging leadership at all levels.

The Deal

‘The Deal’, our firmwide Employee Value Proposition, empowers our people to be the best they can be.

Our commitment to you

We’re committed to building a culture that empowers all of our people to thrive and feel a sense of belonging at PwC.

Application support

If you’re a person with a disability, if you’re neurodivergent, or if you have a condition that you believe may affect your performance during our selection process, we’ll be happy to make reasonable adjustments to our processes for you.

Business Solutions



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0003   Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0087   Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0267   Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.

Required Skills
  • S0018   Skill in creating policies that reflect system security objectives.
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Required Abilities
  • A0161  Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
  • A0170  Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.