PwC

Information Security Manager - Cyber Risk & Regulatory

Singapore | Posted 5 days ago
Full-time | Manager

Job Description

Line of Service

Internal Firm Services

Industry/Sector

Not Applicable

Specialism

IFS - Risk & Quality (R&Q)

Management Level

Manager

Job Description & Summary

This role sits within the CISO / Cyber Risk & Compliance function and focuses on managing internal cyber risk from a regulatory and GRC perspective. The role partners closely with the Network Information Security (NIS) teams and business stakeholders to assess cyber risks, evaluate control effectiveness, and support informed decision-making around residual risk.

You will act as a key bridge between regulatory expectations (e.g. MAS, CSA), global cyber controls, and local firm risk posture, helping leadership understand whether identified risks are acceptable and aligned with the firm’s risk appetite.

Key Responsibilities

Cyber Risk & Regulatory Oversight:

· Assess cyber risks and control effectiveness across the firm from a regulatory perspective, with primary focus on MAS, CSA, and other relevant regulatory frameworks.

· Conduct cyber risk assessments, including inherent and residual risk evaluation, aligned to regulatory expectations and industry best practices.

· Support regulatory readiness by interpreting regulatory requirements and mapping them to global and local cyber controls.

· Ability to lead and manage a team effectively. The ideal candidate should be proactive, dynamic, and self-driven, with the capability to handle challenging situations, prioritize tasks, manage and mitigate risks, and ensure timely closure.

· Work with senior stakeholders and technology teams to support compliance with the Information Security Policy by leveraging your cyber security knowledge and expertise.

Risk & Control Assessment:

· Review and challenge the design and operating effectiveness of controls, leveraging existing frameworks and global NIS standards.

· Work closely with NIS teams (local, regional, and global) to understand existing controls and identify gaps or areas of enhancement.

· Evaluate residual risk and engage with partners and senior stakeholders to have practical discussions around risk acceptance and risk treatment decisions.

Threat & Risk Landscape Analysis:

· Work with Global NIS to analyse the cyber threat landscape to identify emerging risks, trends, and potential impact to the firm.

· Translate technical cyber risks into business-relevant risk statements to support leadership decision-making.

· Maintain an understanding of cyber risk domains, including operational, regulatory, and technology-driven risks.

Cyber Controls & Technical Understanding:

· Demonstrate a strong understanding of cyber controls, including network-level controls, and how they reduce or mitigate risk.

· Partner with technical teams to understand control dependencies and limitations when assessing risk exposure.

· Provide guidance on control improvements aligned to regulatory expectations and firm-wide cyber strategy.

Stakeholder & Partner Engagement:

· Engage with partners and senior stakeholders to discuss risk posture, residual risk, and regulatory implications.

· Act as a trusted advisor who can confidently support risk-based conversations, balancing regulatory expectations with business realities.

· Collaborate across Lines of Service and global teams in a matrixed environment.

Essential Skills & Experience:

· Strong background in Cyber Risk, Regulatory Compliance, and GRC.

· Hands-on experience performing cyber risk assessments and control reviews.

· Familiarity with MAS, CSA, and related cybersecurity regulatory frameworks.

· Experience working with or alongside centralized security functions (e.g. NIS / CISO teams).

· Ability to assess, articulate, and challenge residual risk in a structured and pragmatic manner.

· Strong communication skills with the ability to engage both technical and non-technical stakeholders.

Education & Certifications

· Bachelor’s degree in Information Security, IT, Cybersecurity, or related discipline (or equivalent experience).

· CRISC certification strongly preferred.

· Additional certifications such as CISSP, CISA are advantageous.

Does this describe you? 

 

  • Analytical: Proactive, inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.  

  • Be able to navigate complex environments and find solutions to reduce security risk. Innovate, think outside of the box and build process efficiency to deliver service excellence. 

  • Business: High level understanding of PwC’s business model, service offerings, and business operating environment as it pertains to the firm’s threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.  

  • Domain landscape: Knowledge of information security risk and compliance principles  

  • Communication: Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms’ staff and leadership to enable effective information security activities and processes in line with the cyber readiness program  

Join us and be a part of a dynamic team that is dedicated to creating an engaging and effective learning environment for our diverse workforce. Your enthusiasm and contributions will support the success of our training initiatives and contribute to our company's growth.  

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Active Listening, Analytical Thinking, Azure Data Factory, Coaching and Feedback, Communication, Creativity, Cybersecurity, Cybersecurity Governance, Data Architecture, Data Archiving, Data Flow Mapping, Data Privacy Act, Embracing Change, Emotional Regulation, Empathy, Enterprise Content Management, Incident Response Plan, Inclusion, Information Rights Management (IRM), Information Security, Information Security Governance, Information Security Management System (ISMS), Intellectual Curiosity {+ 16 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Up to 20%

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date


Accounting
10001+ employees
GB