SRC Risk and ComplianceManager

Industry/Sector

Specialism

Management Level

Job Description & Summary

Enhancing your leadership style you motivate develop and inspire others to deliver quality. You are responsible for coaching leveraging team members unique strengths and managing performance to deliver on client expectations. With your growing knowledge of how business works you play an important role in identifying opportunities that contribute to the success of our Firm. You are expected to lead with integrity and authenticity articulating our purpose and values in a meaningful way. You embrace technology and innovation to enhance your delivery and encourage others to do the same.

Examples of the skills knowledge and experiences you need to lead and deliver value at this level include but are not limited to:

• Analyse and identify the linkages and interactions between the component parts of an entire system.
• Take ownership of projects ensuring their successful planning budgeting execution and completion.
• Partner with team leadership to ensure collective ownership of quality timelines and deliverables.
• Develop skills outside your comfort zone and encourage others to do the same.
• Effectively mentor others.
• Use the review of work as an opportunity to deepen the expertise of team members.
• Address conflicts or issues engaging in difficult conversations with clients team members and other stakeholders escalating where appropriate.
• Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance) the Firms code of conduct and independence requirements.

Minimum years experience required

10 Years- 14 Years

• Position Requirements

  • Security strategy and governance projects (security strategy operating model org structure etc.)

  • Assessments: Maturity assessment Audit readiness planning and framework assessment cloud migration requirements business case developmentcomparisonsand vendor evaluation

  • Frameworks: Design framework programobjectives first/second/third line of defense vision and mission statements current state assessment and gap analysis roadmap planning and estimation for the program programgovernanceand target operating model for NIST PCI-DSS HIPAA HITRUST ISO COBIT etc. and vendor evaluation.

  • GEN AI/RES AI: To automate GRC tasks such as drafting compliance reports updating policy documents and generating summaries of regulatory changes.

  • Design and implement AI-powered chatbots toprovidereal-time guidance on regulatory queries for internal teams. Automate evidence collection and testing of internal controls using AI agents to streamline audit preparation and continuous monitoring

  • Experience with GenAI and large language models (LLMs) to automate and enhance GRC processes.Proficiencyin using AI to parse and synthesize large volumes of unstructured data including legal and regulatory documents.

  • Good experiencein performing Organization Standard/Policy GAP assessment and Maturity assessments with Industry best practices (NIST/ISO/.).

  • Policy management (policy writing policy review policy lifecycle) projects

  • Cloud architecture definition and assessment: development of cloud reference architecture target state cloud architecture definition compliance requirements migration strategies.

  • Must havehands onexperience andwellproficient in Cybersecurity standard creation policywritingand maintenance

  • Good understanding of Legal Regulatory and Privacy requirements to integrate within the Cybersecurity Program.

  • Good understanding of various components of an enterprise Cybersecurity program including governance structures Risk and Threat Management key controls key processes Securityarchitectureand Security training program

  • Recommending Cybersecurity action plans for organizations to achieve their overall cybersecurity objective

  • Good Knowledge and experience with GRC tools such as MetricStream Open Pages Archer and data analytics &visualization tools used in the Industry such asPowerBI Alteryx and Tableau.

  • Experience in partnering with various functions within the Cybersecurity organization to capture and document the services and associated core processes work instructions and templates.

  • Analyze the security posture of the organizations by assessing the design and implementation of security controls.

  • Experience in Vendor risk management Outsourcing risk management Technology Risk Information Security.

  • Strong understanding of Cybersecurity and Risk Control frameworks and their adoption in the Supplier management domain.

  • Experience in implementing effective and innovative technology solutions.

  Desired Knowledge

  • Excellent written and oral communication skills can express thoughts clearlyknowshow to listen andisable to contributeina team environment.

  • Must communicate consistently and driveobjectives relying on fact-based decisions about risk thatoptimizethe trade-off between risk mitigation and business performance.

  • Demonstrates proven extensive abilities withleveragingcreative thinking and problem-solving skills individual initiative andutilizingOffice 365 MS Office (Word Excel Access PowerPoint) and Google Docs.

  • Ability to create domain specific training content and delivertrainingseffectively

  • Good presentation project management facilitation and delivery skills as well as strong analytical and problem-solving capabilities.

  • Develop/implement automation solutions and capabilities that are clearly aligned to client businesstechnologyand threat posture.

  • Demonstrates ability to track developments and changes inthe digitalbusiness and threat environments to ensure thattheyreadequately addressed in clients security strategy plans and architecture artifacts.

Travel Requirements

Job Posting End Date