Information Security Risk & Government Manager

Line of Service

Industry/Sector

Specialism

Management Level

Job Description & Summary

About the role:

Our vision for the PwC Network fuelled by our Purpose is to be the most trusted and relevant

professional services business in the world - one that attracts the best talent and combines the most

innovative technologies to help organisations build trust and deliver sustained outcomes.

mission protects 370000 PwC members across 149 member firms worldwide as well as our global

clients.

Overview:

PwC continues to invest in cyber security capabilities to protect our business and our clients. Within CISO Governance Risk & Compliance (GRC) team acts as a trusted risk advisor to the UK business. By providing guidance on cybersecurity stakeholders implement effective security measures to mitigate risks and protect the firms interests.

Key responsibilities:

As a Manager in our Office of the CISO your role is to drive risk management and reduction activities

to help identify and reduce the risks related to information security associated with technology used

within the firm. Within this role there are specific responsibilities that help ensure PwC complies with the

requirements of clients in our Government & Health Industries (G&HI) space:

• Support the creation of a comprehensive information security risk management framework and the implementation of mitigation strategies by collaborating with leadership and stakeholders to ensure enterprise-level risk visibility and strategic alignment.

• Collaborate with senior stakeholders for insights on existing and emerging technologies like GenAI offering strategic updates and impact assessments for informed decision-making.

• Conduct regular risk assessments to continuously monitor risks security threats and vulnerabilities ensuring the effectiveness of controls.

• Lead initiatives to ensure consistent security practices across G&HI projects.

• Facilities Security Controller and our practice partners and staff with regards to ensuring compliance with contractual requirements within the G&HI sector.

• Provide recommendations and guidance covering the use of PwC IT systems and client data handling ensuring security considerations are addressed particularly where the use of offshore delivery models.

• Ensure compliance with technology requirements including PwC systems laptops.

• Report and investigate security breaches maintaining records and communicating with relevant G&HI leadership.

• Govern evaluations and assessments of information security risks and non-compliance determining their potential impact and likelihood on the organisation.

• Respond pragmatically to challenging situations and lead risk remediation efforts to negotiate and balance risk with business imperatives particularly within the UK firm.

• Build and manage relationships across a global network effectively handling a matrixed organisation.

• Take ownership of team deliverables to ensure timely quality-driven and strategically valuable outcomes for the organisation.

• Participate actively in team activities contributing to strategic projects communications process improvements knowledge sharing and fostering a positive work environment.

An effective candidate will possess the following skills:

• Strong communication and influencing skills to assist inform and build relationships with stakeholders in both the business and support teams to enable effective information security

• Inquisitive nature and intuition regarding what questions to ask when and their relative significance.

• Excellent time management skills balancing working efficiently on your own and contributing as part of a wider team - prioritising and recognising when to escalate to management.

Experience & Qualifications:

• Previous proven management experience in an information security risk management role.

• Formal certifications / qualifications in Information Security (CISSP CISM CRISC CompTIA

• Security).

• Extensive knowledge of risk assurance frameworks essential such as ISO 31000; NIST CSF;

• ISO 27001

• Knowledge of technical security principles highly desirable

• Broad understanding of technology and how security is applied to technology in a large

• enterprise setting

• Experience at an enterprise global company or big four firm is desirable

• Strong data manipulation and visualisation skills (PowerBI Alteryx Excel).

Education (if blank degree and/or field of study not specified)

Certifications (if blank certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship

Government Clearance Required

Job Posting End Date