SRC Cyber Strategy and Resilience Senior Associate


Job Location: Pune - India

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively.

In regulatory risk compliance at PwC, you will focus on confirming adherence to regulatory requirements and mitigating risks for clients. You will provide guidance on compliance strategies and help clients navigate complex regulatory landscapes.

  • Strong understanding of security strategy, program design, security assessments, and deep technical controls.

  • Lead portions of cybersecurity strategy, maturity, and framework assessments (e.g. NIST CSF, ISO 27001), including analyzing findings, validating evidence, and developing higher-level insights and recommendations.

  • Drive current-state assessments, identify meaningful control or capability gaps, and help design strategic roadmaps, remediation plans, and transformation pathways aligned to client objectives.

  • Lead current-state assessments, perform gap analyses, and develop roadmap plans with effort estimations. Experience applying these methods across at least two industry frameworks such as NIST CSF, NIST 800-53, CIS, FFIEC, ISO 27001, etc.

  • Synthesize complex assessment findings into structured, client-ready deliverables, risks, observations, gap summaries, or strategic recommendations.

  • Hands-on experience designing and implementing program frameworks, including defining program objectives, vision and mission statements, governance structures, target operating models, and first/second/third line of defense responsibilities.

    • Proven experience creating, writing, reviewing, and maintaining cybersecurity standards, policies, and procedures.

    • Conduct threat modeling using established frameworks (e.g. MITRE ATT&CK, STRIDE), identify potential attack paths or capability gaps, and incorporate insights into assessments, recommendations, and resilience planning.

    • Ability to interpret and assess Enterprise Security Architecture, Infrastructure Configurations, SaaS, PaaS, APIs, Network designs, data flow maps, cloud architecture layouts, etc.

    • Experience assisting with cloud security designing, including reviewing baseline security, compliance, and configuration requirements across AWS, Azure, or GCP environments.

    • Ability to assess cloud architectures from a security perspective, including evaluating current and target-state designs, identifying compliance and security requirements, and defining secure cloud migration strategies.

    • In-depth understanding of IT cyber resilience architecture, business continuity (BCP), disaster recovery (ITDR), and relevant cybersecurity standards such as ISO 22301 and NIST SP 800-61, DORA, and other industry regulations.

    • Experience with GenAI/LLMs to automate and enhance GRC processes.

    • Experience implementing or evaluating AI governance and risk controls aligned with frameworks such as NIST AI RMF or ISO 42001 to guide AI system design, control definition, and responsible AI practices.

    • Experience with developing AI tools/Agents to automate compliance reporting, policy updates, regulatory summaries, evidence collection, and control testing.

    • Ability to design AI-powered chatbots for internal regulatory/controls guidance.

    • Strong project management and stakeholder management skills, with the ability to independently manage workstreams, coordinate team activities, and maintain clear communication with clients to drive delivery.

    • Ability to collaborate with cross-functional cybersecurity teams to capture, document, and operationalize cybersecurity processes.

    • Experience in implementing effective and innovative technology solutions.

  • Experience with cyber defense technologies such as SIEM, SOAR, and EDR/XDR platforms.

  • Familiarity with security operations, including vulnerability management, incident handling, cyber threat intelligence, and proactive threat hunting.

  • Ability to track emerging digital business trends and evolving threats to ensure they are incorporated into security strategy and architecture.

  • Understanding of secure software development practices (SSDLC) and the ability to integrate security controls throughout the SDLC.

  • Experience performing application security assessments, including threat modeling, code reviews, and static/dynamic application security testing (SAST/DAST/SCA).

  • Experience with application security tools such as Veracode, Fortify, Checkmarx, SonarQube, Burp Suite, or similar platforms is good to have.

  • Proven capability to independently drive cybersecurity and GRC initiatives end-to-end, including assessment, remediation planning, stakeholder alignment, and execution.

  • Demonstrated leadership skills and team management capabilities, including providing direction to team members and contributing to effective client management through proactive engagement and issue resolution.

  • Proficiency with Microsoft 365 and Microsoft Office Suite (Word, Excel, Access, PowerPoint).

  • Good presentation, project management, facilitation, and delivery skills, as well as strong analytical and problem-solving capabilities.

  • Excellent written and verbal communication skills, with the ability to articulate complex concepts clearly and contribute effectively in team settings.

  • Consistently communicates and drives objectives using fact-based decision-making that balances risk mitigation with business performance.

Professional & Educational Background

  • MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).

  • Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).

Minimum years experience required

5-8 Years

Travel Requirements

Not Specified

Job Posting End Date


Required Experience:

Senior IC


Key Skills

  • Marketing
  • Data Visualization
  • Tableau
  • Customer Segmentation
  • Microsoft Powerpoint
  • Investment Banking
  • Strategic Planning
  • Financial Modeling
  • Customer relationship management
  • Management Consulting
  • Google Suite
  • Analytics

About Company


At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by vis ...