Job description

Manager, Information Risk Management

Job Category:   Cybersecurity/Privacy
Line of Service:   IFS
State & City:   AZ-Phoenix|CA-Los Angeles|CA-San Francisco|CT-Stamford|DC-Washington|FL-Tampa|GA-Atlanta|IL-Chicago|MD-Baltimore|MI-Detroit|NJ-Florham Park|NY-New York|PA-Philadelphia|TX-Dallas|TX-Houston|VA-McLean|WA-Seattle
Travel Requirements:   0-20%
Position Type:   Manager
Req ID:   95365BR
PwC/LOS Overview
PwC is a network of firms committed to delivering quality in assurance, tax and advisory services.

We help resolve complex issues for our clients and identify opportunities. Learn more about us at www.pwc.com/us.

At PwC, we develop leaders at all levels. The distinctive leadership framework we call the PwC Professional (http://pwc.to/pwcpro) provides our people with a road map to grow their skills and build their careers. Our approach to ongoing development shapes employees into leaders, no matter the role or job title.

Are you ready to build a career in a rapidly changing world? Developing as a PwC Professional means that you will be ready to create and capture opportunities to advance your career and fulfill your potential. To learn more, visit us at www.pwc.com/careers.

It takes talented people to support the US firm of the largest professional services organization in the world. Not all of us work directly with external clients. Some of our best people choose to apply their talents inside PwC.

As part of Internal Firm Services, you're serving an organization on par with many of our external clients. Our Internal Firm Services team consists of first-rate marketers, human resource professionals, computer technologists, knowledge managers, accountants, financial planners, administrators and leaders. Internal Firm Services staff are the people who make it work for the people who make it work for our clients.

Job Description
The Network Information Security organization is tasked with designing, implementing and maintaining information security capabilities and services for the PwC Network of member firms. The organization consists of highly skilled information security professionals across the globe who are focused on developing a leading security program across the Network of Firms, to foster clients' trust in our ability to secure their most sensitive data, to better position PwC to address clients' evolving needs and to harmonize the internal firm security strategy with client services go-to-market strategy. The group is leading PwC's Network Security Transformation Programme, which is a multi-year programme to enhance existing capabilities and build new capabilities to combat ever more complex cyber threats.

Information Security Risk and compliance provides a range of services to the PwC Network of Firms that identify, quantify, and reduce risks to the security of information.

These services include IT risk assessment processes, meeting client security interactions, management of IT security controls, information risk assessments, data privacy reviews, managing compliance assessments, supply chain risk management, security policy development and IT risk due diligence. The team will interact with data privacy and legal organizations.

The team is responsible for engaging with clients, third parties, cross LoS, cross territory, and global members of the firm on IT risk management topics relevant to the Network of firms, including identifying, understanding and socializing new risks and assessing their possible impact on the firm.

Position/Program Requirements
Minimum Year(s) of Experience: 4


Minimum Degree Required: High School Diploma or GED


Degree Preferred: Bachelor's degree


Certification(s) Preferred: CISSP, CISA or CISM


Knowledge Preferred:

Demonstrates extensive knowledge and/or a proven record of success in IT security management or information protection frameworks (e.g. ISO 27001 and 27002, GDPR, Privacy Shield), and their application in the support and integration of key business and strategic priorities, preferably for a global network or professional services firms, including in the following areas:



- Supporting the strategic vision for information security management within the PwC global Network of member firms and contributing to the development of new security management domain expertise on an ongoing basis;

- Understanding of IT security or information protection fundamentals across one or more security, legal, privacy, or data regulatory domains, including (but not limited to) security management, security architecture, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, laws, investigations, and ethics; and,

- Evaluating security requirements in one or more contexts, such as audit, vulnerability scanning, contract review, industry standards, and organizational policy and standards review.


Skills Preferred:

Demonstrates extensive abilities and/or a proven record of success in IT security management or information protection frameworks (e.g. ISO 27001 and 27002, GDPR, Privacy Shield), and their application in the support and integration of key business and strategic priorities, preferably for a global network or professional services firms, including in the following areas:

- Maintenance of security policy and standards libraries;

- Translating technical IT security concepts into business terms;

- Working comfortably with all levels of leadership;

- Communicating and promoting the use of Network security policies and standards;

- Comprehending the value of Network policies and standards, as well as business requirements, and having the ability to recognize potential conflicts and arrive at successful outcomes collaboratively;



- Contributing expertise across multiple key ISMS components: information asset inventory, risk assessment, security policy and standards development, internal assessment, and report to management;

- Addressing risk utilizing standardized and consistent methodology;



- Assisting in responding to client inquiries regarding PwC security posture, including requests to audit, site visits, and independent audits; and,



- Communicating, tracking and reporting audit and assessment findings and corrective action plans.



