A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You'll focus on being the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protect our firms intellectual assets.
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
As a Senior Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
Encourage everyone to have a voice and invite opinion from all, including quieter members of the team.
Deal effectively with ambiguous and unstructured problems and situations.
Initiate open and candid coaching conversations at all levels.
Move easily between big picture thinking and managing relevant detail.
Anticipate stakeholder needs, and develop and discuss potential solutions, even before the stakeholder realises they are required.
Contribute technical knowledge in area of specialism.
Contribute to an environment where people and technology thrive together to accomplish more than they could apart.
Navigate the complexities of cross-border and/or diverse teams and engagements.
Initiate and lead open conversations with teams, clients and stakeholders to build trust.
Uphold the firm's code of ethics and business conduct.
Job Requirements and Preferences:
Minimum Degree Required:
High School Diploma
Minimum Years of Experience:
CISSP, CCSP, CISM, CISA, (Cloud Provider specific certifications)
Demonstrates intimate abilities and/or a proven record of success as a team leader:
Exhibiting leadership/mentorship with team members;
Designing and providing solutions to fit the requirements of the project stakeholders, customers, and end-users conforming to the standards established by the IT organization;
Developing secure cloud resource deployment templates in Cloud Service Providers using Terraform, Azure ARM, AWS Cloud Formation, or GCP Deployment Manager;
Integrating security into cloud resources through deployments templates, policy management tools, configuration management tools, CI\CD pipelines, and other automation or orchestration solutions;
Automating deployment of cloud resources and applications using Bash, Python, PowerShell, or other scripting languages;
Exhibiting familiarity with Cloud Security Alliance, Center for Internet Security, ISC2, and SANS Cloud Security Standards for securing Cloud Applications, IaaS, PaaS, SaaS, Containers, and Microservices;
Interacting with distributed version control systems like Git, GitHub, GitOps, etc;
Deploying code using CI\CD tools like GitHub, Azure DevOps, Jenkins, etc;
Working with Hashicorp stack including Terraform, Vault, Sentinel, Consul;
Possessing knowledge and experience with application security solutions and web hosting architecture and principles;
Leveraging experience with Software development including web, mobile applications and development languages;
Having experience with commercial Source Code Analysis/Static Application Security Testing Tools;
Understanding of application source code vulnerability mitigation processes;
Recognizing risk assessment/acceptance factors that can affect business and security decisions;
Having knowledge of and experience with Business processes and drivers that can affect system design;
Analyzing application security vulnerabilities and executing mitigation strategies;
Leveraging review processes using application threat vulnerability tools, scanning techniques and/or code review results;
Using assessments of vulnerabilities, sources of threats, and current security guidance to determine the effectiveness of mitigation plans;
Collaborating with teams to identify opportunities and provide recommendations on how application security can be built into project development;
Interacting with project management team members and key stakeholders on application projects;
Reviewing application threat vulnerability assessments on application development projects;
Implementing strategy for application threat vulnerability review and remediation;
Identifying and documenting complex business cases to assist in gaining internal support to implement security solutions;
Collaborating with team members and stakeholders virtually;
Evidencing communication skills, both written and verbal;
Having customer service experience/skills, multitasking and possessing time management skills; and,
Possessing analytical skills and attention to detail.