Connecting to LinkedIn...

W1siziisijiwmjevmdqvmtavmtmvndgvmjivymflm2zkntetowzlmc00nzi2lwe2zwytn2nkntizy2u2otg0l3yyx2jhbm5lcl9etumxlmpwzyjdlfsiccisinrodw1iiiwimjawmhg4mdbcdtawm2uixv0

Technology Risk & Controls Senior Associate

  • Location

    Cardiff

  • Sector:

    Business services

  • Salary:

    Not Specified

  • Job ref:

    WRT-2021-03-23-770D5A575E65

  • Published:

    about 14 hours ago

  • Expiry date:

    2022-04-12

  • Client:

    PWC

Job Description

We support clients in the delivery of large-scale operational programmes and managed solutions.

  • We are looking for self-motivated and experienced information security individuals or technology professionals with an interest in conducting third party risk management activities such as; supplier security assessments / reviews, contractual term analysis and negotiation, and ongoing monitoring of supplier adherence to security commitments.

  • You will need to demonstrate technical understanding / experience across the following areas of Cyber Security;

  • Knowledge of cloud computing environments.

  • Knowledge of characteristics of SaaS, PaaS and IaaS solutions.

  • Evaluating the control environment including review of compensating controls and risk mitigation.

  • Information Security assessment processes, including audit, vulnerability scanning, and security policy and standards review.

  • Creating or managing IT security policies and standards.

  • Experience in reviewing or generating assurance reports such as SOC, ISO, PCI / DSS etc.

  • Understanding of Information Security fundamentals across multiple domains, including (but not limited to) security management, security architecture, application security, network security, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuityplanning, laws, investigations, and ethics.,

  • Perform risk assessment on suppliers and identify risk domains.

  • Conduct remote / onsite security assessments.

  • Review policy and procedures relating to information security and data privacy.

  • Ensure that potential issues are raised promptly and discussed with management to identify options to mitigate risk.

  • Identify, document and communicate control gaps / deficiencies to internal and external stakeholders

  • Demonstrate client management skills throughout the assessment process.

  • Identify process efficiencies / enhancements to keep assessment programs in line with industry best practices.

  • Perform other duties as assigned.

  • Manage a large and diverse portfolio of Vendors for the firm;

  • Negotiate remediation plan with suppliers

  • Maintain open communication channels with senior stakeholders through regular governance sessions, escalating appropriately as and when required.

  • Own the quality of all client outputs and ensure all client and internal document repositories are accurate and up to date, This is an opportunity to join a growing team, bringing your experience and energy, to make a real difference at a local team level and to our clients. You will join a fun and faced paced environment that can provide you with a long term rewarding and stimulating career. You will work with a variety of clients across a range of different programmes providing you with the opportunity to see and try new things. We have a strong culture of business innovation, using technology and process improvement to automate the mundane and repeatable tasks. You will have an opportunity to get involved and work alongside our technology enablement teams to create positive change. You will benefit from a range of personal development support. This includes having access to our technical training pathways and personal skills training programmes delivered by our dedicated Operate Academy team.

  • You will also have access to our Professional Qualification pathway that includes a wide range of industry recognised qualifications that can support your desired career direction, including; Chartered Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Risk Information Systems Control (CRISC) and CompTIA Advanced Security Practitioner (CASP). Not the role for you? Did you know PwC offer arrangements as well as (ie temporary or day rate contracting)? The skills we look for in future employees All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients.

  • These skills and behaviours make up our global leadership framework, The PwC Professional' and are made up of five core attributes; whole leadership, technical capabilities, business acumen, global acumen and relationships.

Candidate Description

  • 2 or more years experience in professional roles involving information security, data privacy and / or controls testing.

  • Knowledge of information risk and compliance principles. Broad understanding of security technology and related risk and compliance issues

  • Senior stakeholder relationship management

  • Excellent attention to detail and a passion for delivering high quality output for clients Desirable Criteria

  • Cyber Security related certifications including ISO27001 Lead Auditor, CISA, CISM, COBIT, CISSP, CIPM

  • Degree in Information Technology or related subject or equivalent experience

  • Strong understanding of information security controls & ISMS standards such as ISO 27001 / 2, COBIT and NIST

  • Experience with SOC2 compliance standards

Employer Description

PwC's Operate business delivers large operational and managed service solutions for clients to meet regulatory, risk and compliance challenges.

With over 2000 staff deployed on large implementation and execution programmes, Operate brings together top talent with a distinctive mix of knowledge and skills.