PwC
We are a community of solvers combining human ingenuity, experience and technology innovation to help organisations build trust and deliver sustained outcomes.
Line of Service: Internal Firm Services
Industry/Sector: Not Applicable
Specialism: Operations
Management Level: Senior Associate
Job Description & Summary:
A career in Information Technology, within Internal Firm Services, will provide you with the opportunity to support our core business functions by deploying applications that enable our people to work more efficiently and deliver the highest levels of service to our clients. You’ll focus on managing the design and implementation of technology infrastructure within PwC, developing and enhancing both client and internal facing applications within PwC, and providing technology tools that help create a competitive advantage for the Firm to drive strategic business growth.
Our Information Technology Security team assists PwC in designing and creating sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation, Information Technology security architecture, and the software development lifecycle.
PwC is driving major change across technology including the building of a centralized model to deliver and manage technology services across the entire network of member firms.
An Information Security Risk Manager plays a crucial role in ensuring an organization’s information security and compliance with relevant policies and standards.
The Information Security Risk Manager works with Information Security team members to ensure that controls and processes are implemented effectively. Responsible for identifying cyber security risks, assessing their impact, and putting appropriate measures in place to eliminate them or mitigate their effect. Responsible for adherence to and enforcement of Information Security policy and standards across all business lines.
Responsibilities:
- Develop comprehensive security policies, procedures, and guidelines to protect the organization’s information assets.
- Ensure that security policies are enforced across all departments and business units, and that any deviations are promptly addressed.
- Regularly review and update security policies to reflect changes in the threat landscape.
- Identify potential security risks through regular risk assessments and reviews. Manage Security Exceptions.
- Develop and implement strategies to mitigate identified risks, including technical controls, process improvements, and employee awareness, using effective risk management frameworks (NIST, ISO 31000).
- Enforce security assessments of vendors and third parties to ensure they meet the organization’s security requirements.
- Ensure that security requirements are included in contracts with vendors and third parties.
- Coordinate internal and external audits, ensuring that all findings are addressed and remediated.
- Prepare and submit compliance reports, dashboards, records, etc.
- Awareness of applicable standards and regulations: ISO 27001, ISO 22301, IT Act, SSAE, PCI-DSS, NIST, CIS Benchmark, CERT-In.
- Responsible for ensuring that the organization’s applications and databases are secure.
- Understanding of Secure SDLC, DevOps, OWASP, Azure DevOps, GitHub.
- Directing efforts to secure code, such as code reviews, project security reviews, penetration testing support, and application risk assessments and mitigation across the software development lifecycle.
- Assist Business Units and Software Developers in the evolution of their application security functions and services.
- Lead the remediation of application security and penetration testing findings (SAST, DAST).
- Manage integration with assessment techniques, including Static Code Analysis and Dynamic Code Analysis.
Mandatory skill sets:
- Security Technologies: Understanding of security technologies such as firewalls, intrusion detection/prevention systems, SIEM, endpoint protection, Web application firewalls, Identity and Access Management, Application Security.
Preferred skill sets:
- Cloud Security: Understanding of securing cloud environments (e.g., AWS, Azure, Google Cloud).
- Network Security: Understanding of network security principles and practices.
Years of experience required:
- 4 – 6 years of experience in Information Security Management, Risk Management, Application Security, ISO 27001, ISO 31000, NIST Cyber Security Framework, NIST Risk Assessment Framework, CIS Benchmark.
Certifications: Minimum one strongly encouraged (CISSP, CRISC, CISM)
Education qualification:
Bachelor’s degree or equivalent. Degrees/Field of Study required: Master’s Degree, Bachelor’s Degree. Degrees/Field of Study preferred:
Required Skills: Application Security
Optional Skills: Desired Languages
Travel Requirements: Not Specified
Available for Work Visa Sponsorship? No
Government Clearance Required? No