Job Description & Summary
PwC is driving major change across information and cybersecurity by building a centralized model to provide security services across the entire member firm network. The Network Information Security (NIS) organization is tasked with
designing, implementing and maintaining information security capabilities and services for PwC Network of member firms.
The NIS Application Readiness team (formerly IRM) helps IT project teams with everything they need to keep PwC and client data secure—from complying with data protection standards to reducing the possibility of information
breaches. We review applications against a set of security controls (ISP and Application Readiness Standard) to identify common information security risks, and then we recommend how to mitigate those risks.
If you are seeking an exciting career with the scope to grow your Security skills through major change on a global scale, then NIS will empower you to do so.
Application Security Risk Manager
The Role
Application Readiness (AR) Risk Managers provide primary oversight of Application Readiness Reviews (ARRs).
- Work with Risk Reviewers to ensure tickets are being processed accurately and efficiently
- Work with Consultation Services Architects to identify gaps in compliance and determine inherent risk, mitigating factors, and residual risk
- Collaborate with other AppSec subpillar teams to ensure relevant processes are completed as necessary and in good standing to support AR disposition
- Interface with customers to provide guidance relevant to AppSec requirements
- Escalate risks and other concerns to Application Readiness Regional Leads, BISOs, CISOs, and other relevant stakeholders
- Interface with a number of other NIS service providers, such as Policy, TPRM, Issues Management, Threat Management
- Provide disposition on ARR tickets and publish other deliverables (ARA report or Risk Statement) as applicable
Skills Needed:
- Strong communication skills
- Strong English written and verbal skills
- Customer service skills to create a exceptional customer experience
- Strong organizational and time management skills to support multiple concurrent reviews
- People leadership skills to provide oversight of Risk Reviewers, coaching and mentoring in an informal fashion
- Self- Awareness
- Ability and confidence to exercise professional skepticism with soft skills to do so with diplomacy
- Knowledge of the Information Security Policy, Application Readiness Standard, and applicable supporting Standards
- Understand the purpose of Application Readiness process
- Ability to assess whether a control is 'met' or 'not met' (black and white)
- Ability to navigate the grey when a control does not meet the letter of the control
- Ability to review documentation analytically, and assess control compliance based on information/ documentation provided.
- Ability to evaluate complex data and determine whether data can be used to support the reviews being conducted
- Ability to pull facts and details related to controls from different types of documentation and diagrams submitted
- An understanding of when and how to escalate
The Candidate:
- Good understanding of Application IT Security Standards, on-premise as well as cloud-based.
- Good understanding of risk management and experience with identifying and assessing potential information security risks.
- Good understanding and exposure to technical risk assessment along with vulnerability assessment and penetration testing.
- Strong communication skills and the ability to provide risk guidance, inform management about potential risk issues, and relay information about policy requirements effectively
- Proper Experience in coordination of issue tracking, Follow-Ups, communication skills in a global environment.
- Education Level: Bachelor or equivalents.
- Desired Certifications: But not mandatory: CISSP / CISM /CISA / CCSK / CCSP / CRISC
- Year of Experience: 3 - 10 years of experience in a relevant role.
We offer
-
Career development and professional growth in a global team setting
-
Opportunity to work with the latest technologies and cloud-based platforms
-
Ability to pursue further professional development - access to the multiple trainings provided by PwC
-
Participation in multi-territory activities within the cross platform support area
-
Competitive salary and benefits package, including private healthcare, life and disability insurance, attractive voucher program
-
Inspiring and friendly work environment
-
Career development plan tailored to your preferences and ambitions
-
Flexible working arrangements based on the Polish Labor Law regulations including hybrid or remote model of work