Risk Services - Financial Services Technology and Cyber Risk, Senior Associate

Line of Service

Assurance

Industry/Sector

TMT X-Sector

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

Join our diverse, global community at PwC, where we solve important problems together. You'll develop your unique skills in exciting ways, powered by technology.
Our Risk Services Practice provides critical insights and independent assurance to help clients protect and strengthen their businesses. We manage and mitigate risks from cybersecurity breaches to supply chain disruptions, covering technology, resilience, operations, data analytics, regulatory requirements, data security and privacy, internal audit, and third parties.
We build trust in clients' digital agendas through robust technology, cyber and third party risk management in all industry sectors with a focus on financial services, including banks, insurers, asset managers, payment services, and fintechs.
Our practice is growing due to client demands for help with rapid development, regulatory complexities, and evolving digital risks. Supporting clients' confidence in their digital future is key to their growth, making our Technology, Cyber and Third Party Risk (TCTR) team a priority for our firm.

How will you value add?

We are seeking a number of Senior Associates to join our Financial Services Technology and Cyber Risk team to respond to strong demand-led growth. The team helps clients to understand their technology, cyber, third party and regulatory risks (collectively known as Technology and Cyber Risk), define and execute a strategy which enables the business to deliver its objectives within their desired risk envelope.

We assist clients in understanding and challenging their current risk profiles; we develop and operationalise their risk management strategies; we advise and support their risk mitigation to stay competitive through building trust and resilience in their digital agenda. We cover a wide range of disciplines, including technology risk management, cyber security and risk management, cloud security and governance, third party risk management and application controls.

Responsibilities:

Client service

• Deliver technology and cyber risk assignments, including producing documentation and reports, and quality assuring the work produced by junior team members.
• Support engagement manager to collaborate with clients to identify opportunities to improve their key controls across cybersecurity, business and technology processes.
• Providing our clients with trusted advice, rooted in a pragmatic understanding of their business situation and objectives, to help them navigate complex, risk-driven technology and cyber risk decisions.
• Work on specific projects to substantially improve and evolve the capability and quality of the processes, deliverables and thought leadership.

Business and practice development

• Provide advisory related services through all major milestones of delivery life cycles including planning, fieldwork, reporting and debrief processes.
• Supporting the development of toolkits, methodologies and accelerators.
• Provide coaching and/or conduct training to junior staff to develop communication, analytical and technical skills.

About you

• A good Degree in Business, Engineering, Computer Science, Information Technology (IT) or related disciplines with IT focus.
• At least 3 years Technology and Cyber Risk/ Control experience in Big 4 or leading organisations.
• CISA, CISM, CISSP, PMP or other professional certification is preferred.
• Excellent communication skills – both oral (for interviews/meetings, presentations) and written (for designing and writing engaging reports which communicate recommendations and actions succinctly and clearly convey the message in a way which is appropriate for the audience, and rooted in the client’s needs).
• A keen eye for detail and strong focus on delivering quality work.
• Demonstrated ability to follow through and complete tasks within tight deadlines.
• Experience in management and/or assessment of adequacy of risk and controls over technology and cyber risk at financial institutions is preferred.
• Preferable knowledge in diverse compliance and regulatory frameworks e.g. MAS Notices and Guidelines, CSA, NIST, MTCS, ABS Cloud Guidelines, ISO 270XX, SOC-1/2/3, etc.
• Experience in knowledge in cloud technologies of one or more cloud providers (e.g. associate level certification in Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba/Aliyun, etc.) is a plus.