INSenior AssociateCybersecurity GovernanceCyber as a ServiceAdvisoryPan India

Line of Service

Industry/Sector

Specialism

Management Level

Job Description & Summary

Why PWC

At PwC you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes forour clients and communities. This purpose-led and values-driven work powered by technology in an environment that drives innovation will enable you to make a tangible impact in the real world. We reward your contributions support your wellbeing and offer inclusive benefits flexibility programmes and mentorship that will help you thrive in work and life. Together we grow learn care collaborate and create a future of infinite experiences foreach other. Learn more about us.

At PwC we believe in providing equal employment opportunities without any discrimination on the grounds of gender ethnic background age disability marital status sexual orientation pregnancy gender identity or expression religion or other beliefs perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firms growth. To enable this we have zero tolerance for any discrimination and harassment based on the above considerations.

Job Description & Summary

We are seeking a skilled and experienced Cybersecurity Governance & Risk Manager to lead and execute key cybersecurity governance risk management and compliance activities. This role will be responsible for managing cyber risk scoring third-party risk assessments policy and SOP reviews and ensuring compliance with various regulatory frameworks including ISO 27001 PCI DSS and ISO 27701 (PIMS). The ideal candidate will have hands-on experience in cybersecurity governance audit coordination and GRC tool operations.

Responsibilities:

1. Security Governance

Cyber Risk Score Management

Evaluate and publish monthly cybersecurity risk scores based on defined KPIs.

Revise KPI weightage and identify new KPIs in consultation with leadership.

Collect and validate KPI data and artefacts.

Publish dashboards and derive actionable insights for management.

Security Policy Tools & Technology Governance

Review 30 critical security tools for policy alignment and compliance.

Conduct periodic reviews and present findings to GRC leads.

SOP Review & Management

Review and update 25 SOPs for accuracy and compliance.

Collaborate with SMEs to improve SOPs and maintain a centralized repository.

---

2. Risk Governance & Management

Third Party Risk Management (TPRM)

Classify vendors and conduct quarterly on-site assessments for vendors.

Publish assessment reports and follow up on open observations.

Maintain vendor and audit master data.

Enhance audit checklists and collaborate across functions.

Identify automation opportunities and conduct quarterly training sessions.

---

3. Compliance Services

GRC Tool Operations

Create and manage controls for multiple standards (ISO PCI DSS UIDAI RBI etc.).

Configure assessments and manage respondent roles.

Provide training and support for tool users.

Track issues remediation and enhancements.

Drive ICFR self-assessments and regulatory compliance reporting.

ISO 27001 & PCI DSS Maintenance

Manage ISMS framework and certification upkeep across locations.

Conduct bi-annual internal audits and support external audits.

Perform MRM meetings InfoSec trainings and annual risk assessments.

Conduct PCI DSS retail assessments using GRC tools.

Privacy Information Management System (PIMS)

Manage ISO 27701 certification and framework.

Conduct internal and external audits track remediation efforts.

Update documentation and conduct annual MRMs and risk assessments.

Lead training and awareness programs.

Requirements

25 years of experience in cybersecurity governance risk management and compliance.

Strong understanding of GRC tools and frameworks.

Experience with ISO 27001 PCI DSS and privacy regulations.

Excellent communication and stakeholder management skills.

Ability to travel PAN India for on-site assessments and audits.

Certifications such as CISA CISM ISO 27001 LA are highly preferred.

Mandatory Skill Sets:

Cybersecurity

Preferred Skill Sets

Cyber Audits Assessment

Years of Experience Required:

2 Years

Education Qualification:

Any Graduate

Education (if blank degree and/or field of study not specified)

Certifications (if blank certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship

Government Clearance Required

Job Posting End Date