PwC is driving major change across information and cybersecurity by building a centralised model to provide security services across the entire member firm network. The Network Information Security (NIS) organisation is tasked with designing, implementing and maintaining information security capabilities and services for PwC Network of member firms.
The NIS Application Readiness team (formerly IRM) helps IT project teams with everything they need to keep PwC and client data secure—from complying with data protection standards to reducing the possibility of information breaches. We review applications against a set of security controls (ISP and Application Readiness Standard) to identify common information security risks, and then we recommend how to mitigate those risks. If you are seeking an exciting career with the scope to grow your Security skills through major change on a global scale, then NIS will empower you to do so.
Application Security Risk Manager
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional, our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
As a Senior Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
- Encourage everyone to have a voice and invite opinion from all, including quieter members of the team.
- Deal effectively with ambiguous and unstructured problems and situations.
- Initiate open and candid coaching conversations at all levels.
- Move easily between big picture thinking and managing relevant detail.
- Anticipate stakeholder needs, and develop and discuss potential solutions, even before the stakeholder realises they are required. Contribute technical knowledge in area of specialism.
- Contribute to an environment where people and technology thrive together to accomplish more than they could apart.
- Navigate the complexities of cross-border and/or diverse teams and engagements.
- Initiate and lead open conversations with teams, clients and stakeholders to build trust.
- Uphold the firm's code of ethics and business conduct.
Roles & Responsibilities: Application Readiness (AR) Sr Risk Managers provide primary oversight of Application Readiness Reviews (ARRs).
- Communicate security posture and health of Applications portfolio with CISO/BISO/CIOs and drive action
- Develop strategy to automate, orchestrate and scale Application Security Review function
- Work with Risk Managers and Risk Reviewers to ensure assessments are delivered in an efficient and timely manner
- Work with Consultation Services Architects to identify gaps in compliance and determine inherent risk, mitigating factors, and residual risk
- Collaborate with other sister teams to ensure relevant processes are completed as necessary and in good standing to support Application Security assessments
- Interface with customers to provide guidance relevant to AppSec requirements
- Escalate risks and other concerns to Application Security Leadership, BISOs, CISOs, and other relevant stakeholders
- Interface with a number of other NIS service providers, such as Policy, Third Party Risk Management, Issues Management, Threat Management
- Provide disposition on assessments tickets and publish other deliverables (Application Risk Assessment reports or Risk Statement) as applicable
- Strong communication skills
- Strong English written and verbal skills
- Customer service skills to create an exceptional customer experience
- Strong organizational and time management skills to support multiple concurrent reviews
- People leadership skills to provide oversight of Risk Reviewers, coaching and mentoring in an informal fashion
- Self-awareness
- Ability and confidence to exercise professional skepticism with soft skills to do so with diplomacy
- Knowledge of the Information Security Policy, Application Readiness Standard, and applicable supporting Standards
- Understanding of the purpose of the Application Readiness process
- Ability to assess whether a control is 'met' or 'not met' (black and white)
- Ability to navigate the grey when a control does not meet the letter of the control
- Ability to review documentation analytically and assess control compliance based on the information and documentation provided
- Ability to evaluate complex data and determine whether data can be used to support the reviews being conducted
- Ability to pull facts and details related to controls from different types of documentation and diagrams submitted
- An understanding of when and how to escalate
Skill and Experience:
- Good understanding of Application IT Security Standards, on-premise as well as cloud-based.
- Good understanding of risk management and experience with identifying and assessing potential information security risks.
- Good understanding and exposure to technical risk assessment along with vulnerability assessment and penetration testing.
- Strong communication skills and the ability to provide risk guidance, inform management about potential risk issues, and relay information about policy requirements effectively
- Experience coordinating issue tracking and follow-ups, and communicating effectively in a global environment.
Education Level: Bachelor's degree or equivalent.
Desired Certifications (not mandatory): CISSP / CISM / CISA / CCSK / CCSP / CRISC
Years of Experience: 3 - 10 years of experience in a relevant role