Information Security Manager

If you love the business side of information security, this is the place to be. Within the CISO pillar we work closely with member firm stakeholders to understand their business model and roadmap for technology. In turn, the CISO pillar outlines the roadmap for NIS and drives engagement and adoption of central security services in line with the PwC Cyber Readiness program. 
 
Management of relationships between NIS and the business is key to delivering the cyber readiness mission. Whether it be integrating solutions, driving operational processes or providing guidance back to NIS to further enhance our strategy, CISO pillar provides the engagement and personal touch to enable NIS to deliver maximum value to the customer, the PwC Network of firms. 

Essential Skills & Responsibilities 

• The primary responsibility will be to lead and support multiple cybersecurity initiatives, including projects related to compliance, risk management, threat analysis, application security, vulnerability assessments, and regulatory adherence. 

• Engage with Line of Service stakeholders to assess security threats/vulnerabilities and manage business risk; 

• Work with the other NIS teams both locally, regionally and globally to deliver the security needs specific to the firm 

• Ability to lead and manage a team effectively. The ideal candidate should be proactive, dynamic, and self-driven, with the capability to handle challenging situations, prioritize tasks, manage and mitigate risks, and ensure timely closure. 

• Help the business comply with the Information Security Policy by leveraging your cyber security knowledge and expertise; 

• Experience managing multi-function relationships throughout major transformation; 

• Experience in a role balanced between business stakeholders and a central service organization; 

• Navigating a multifaceted, matrix organization; and collaborating with multiple stakeholders across functional and technical skillsets. 

• Technical: Broad understanding of security technology. 

• Business: Ability to frame threats and exposures in a business context recognized by non-technical staff and executives 

• Domain landscape: Knowledge of technical security principles and its application 

• Experience in managing and ensuring compliance with cybersecurity regulations and frameworks, such as MAS, CSA, and other relevant industry standards. 

• Address conflicts or issues, engaging in difficult conversations with clients, team members and other stakeholders, escalating where appropriate. 

• Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms’ staff and leadership to enable effective information security activities and processes in line with the cyber readiness program 

• Ability to prioritize risk, manage effective teams to drive completion of activities, passionate in provide coaching and training to team members to motivate and grow the team 

• You will possess deep knowledge in a specific subject matter area or technical domain related to the Information Security Services function that is applied to solve business problems and deliver necessary results. The employee incorporates existing Firm knowledge, subject matter, or technical domain expertise into work activities. 

• Demonstrates proven skills and thorough comprehension of managing efforts within business engagement and relationship management space. 

• Monitor workloads within the team to deliver against the requirements within CISO Services while making sure leadership is informed of progress and issues. 

• Build and maintain relationships across the network of firms to effectively deliver security activities on behalf of NIS 

• Executes tasks aligned to CISO pillar with autonomy. 

Education & Experience 

• Undergraduate Degree (e.g. BIT, BSc) STEM or equivalent work experience 

• 4 - 6 Years of progressive professional roles involving information security, IT management and/or major program management. 

• Professional certifications such as CISA or CISSP are highly preferred, demonstrating expertise in information security, risk management, and compliance.