Boards of Directors and executive management recognize the ever increasing importance of effective risk management efforts in meeting their organization's strategic objectives.
PwC's Risk Assurance practice has developed a holistic approach to risk that protects businesses, facilitates strategic decision making and enhances efficiency. Our holistic approach is complimented by the extensive risk and controls technical knowledge and sector-specific experience our Risk Assurance professionals possess.
The end result is a risk solution that is tailored to meet the unique needs of a company.
- Leveraging industry and technical expertise to assist management to address more effectively risks associated with their business
- Assisting management in the assessment of project risks and controls
- Enhancing internal audit functions to further align to company strategy and risk
- Reducing company costs through strategic internal audit outsourcing and co-sourcing solutions
- Increasing value and reducing costs of compliance-related activities
- Identifying opportunities for companies to effectively mitigate risk and improve business performance
- Applying the concepts of Enterprise Risk Management to help companies identify, assess, mitigate and proactively consider emerging risks
The Cybersecurity, Privacy and IT Risk team is part of Risk Assurance. Our team of professionals help clients develop a vision for their cybersecurity and privacy program, design and build a sustainable and agile program, operate aspects of the program and provide an independent review and assurance of their program to Management or 3rd party stakeholders.
The velocity and density of information in digital business has significant business benefits due to the insights it creates. However, it exposes new risks on how to protect this data and new privacy challenges to guide its appropriate use. Digital business requires a new view on security and privacy, one that is driven by the level of risk appetite and enablement of business and technology strategy.
Our Key Services are:
- Strategy, Governance and Management
- Prioritize investments, allocate resources, and align security and privacy capabilities with the strategic imperatives and initiatives of the organization;
- Security Architecture and Services
- Create sustainable security solutions to provide foundational capabilities and operational discipline;
- Emerging Technologies and Market Trends
- Assess the opportunities and security and privacy related risks of new technology adoption and dynamically changing business models;
- Threat, Intelligence and Vulnerability Management
- Anticipate changes in the risk landscape through situational awareness of the internal and external factors impacting the business ecosystem;
- Risk and Compliance Management
- Efficiently and effectively identify, evaluate and manage risk to the business while addressing the evolving regulatory requirements;
- Information and Privacy Protection
- Identify, prioritize, and protect sensitive or high value business assets;
- Attest and Assure
- Using non-financial-statement reports, including SSAE 16, agreed upon procedures and customized attestations, deliver confidence in companies̢۪ organization̢۪s policies, controls, processes and security;
- Identity and Access Management
- Provide integrated and secure processes, services, and infrastructure to enable appropriate controls over access to critical systems and assets;
- Incident and Crisis Management
- Plan, detect, investigate, and react timely and thoroughly to security incidents, breaches and compromises.
Position/Program Requirements
Minimum Year(s) of Experience: 7 years of experience in IT Risk Management including experience in Cybersecurity & Privacy.
Minimum Degree Required: Bachelor's degree in Accounting, Finance/Economics, Management Information Systems, Computer Science, Business Administration, Statistics Mathematics, Regulatory Compliance, Science, Technology, Engineering & Mathematics and/or other business fields of study.
Certification(s) Preferred: Obtained or demonstrates an active pursuit of one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) certifications, or other related certifications. Knowledge Preferred:
Demonstrates proven regard as a thought-leader level, broad subject matter knowledge and success with developing and implementing cybersecurity, privacy and IT risk strategies for a global network of professional services consulting firms, emphasizing the following areas:
- Writing, communicating, facilitating, and presenting cogently to and/or for all levels of industry audiences, clients and internal staff/management;
- Understanding and applying technical and operational cybersecurity, privacy and/or IT risk domains, and/or standard industry practices relating to these areas, in order to assist clients with assessing their posture and improving their program;
- Understanding and applying emerging technologies, such as cloud, Internet of Things (IoT) and advanced analytics
- Understanding and applying common cybersecurity, privacy or technology industry standards / regulations
e.g. ISO 27001/27002, NIST 800 series, COBIT, PCI-DSS, ITIL, HIPAA / HITECH, EU Safe Harbor, CANSPAM
especially as it relates to building a program and/or
managing internal controls, risk assessments, business process and internal IT control testing or operational auditing;
- Advising CXO's on emerging technologies and cybersecurity, privacy and IT risk strategies consistent with clients' business strategies;
- Providing consultancy and assurance services for cybersecurity, privacy and IT risk strategy, policies, organization and governance, including the participation in proposal development efforts;
- Understanding common issues facing clients who provide products and services in several sectors that include, but are not limited to Financial Services, Manufacturing, Retail, Media and Entertainment, and Energy; and,
- Aspiring to have a broad career in cybersecurity, privacy and/or IT risk.
Skills Preferred:
Demonstrates proven thought leader-level abilities to generate and maintain an annual book of business valued at $2 million+ , identifying client needs and building a local network of clients and talent in the cybersecurity, privacy and IT risk profession for a global network of professional services firms, emphasizing the following areas:
- Leading and managing business development opportunities and engagements from pre-sale and initial scoping through final delivery and signoff;
- Engaging with and support client executives in a decision process that is strengthened by insight into business value;
- Leading teams to generate a vision, establish direction, and motivate members. Creates an atmosphere of trust, leveraging diverse views, coaching staff, and encouraging improvement and innovation; and,
- Managing and/or contributing to project planning, engagement administration, budget management, successful completion of engagement workstream(s) and solution development.
Send To A Friend
Posts
