Business Information Security Officer (BISO) Associate
PwC
Job Summary
PwC is building a centralized model for information and cyber security services across its network of member firms. This role, part of the CEE CISO team, supports regional security effectiveness and the global Cyber Readiness Program. Responsibilities include vulnerability management, incident oversight, risk identification, policy compliance, audit contributions, security consultation, and stakeholder education. The ideal candidate has a strong understanding of information security risks and the professional services industry.
Must Have
- Track and drive remediation for application and infrastructure vulnerability management.
- Collaborate with NIS global teams and CEE network for issue resolution and Cyber Readiness Program adoption.
- Provide incident oversight, advice, direction, and escalation.
- Ensure member firm needs are reflected in centrally driven activities.
- Support, initiate, and run regular Cybersecurity Hygiene activities in CEE.
- Identify and follow up on risk remediation.
- Advise on Policy & Standards Compliance.
- Contribute to audits.
- Partner with CEE IT and business teams for projects requiring senior security input.
- Provide security consultation, governance, escalations, and support regarding Information Security.
- Educate and coach CEE stakeholder communities on the NIS Cyber Readiness Program.
- High-level understanding of professional services industry business model, service offerings, and threat landscapes.
- Ability to align technical and business worlds and influence.
- Solid understanding of technical information security risks.
- Inquisitive nature and intuition for relevant questions.
- Creative problem solving and strong communication skills.
- Possess a growth mindset and adaptability.
- Bachelor’s or Master’s degree, or equivalent industry certification.
Good to Have
- 1-3 years’ experience in a relevant information security role.
- CompTIA Security+ or similar professional certification.
Job Description
Job Description & Summary
PwC is driving major change across information and cyber security by building a centralized model to provide security services across the entire network of member firms. Mandated at the network level, Network Information Security (NIS) operates outside Information Technology (IT) and is responsible for this major program initiative, from definition of the security strategy to the execution of the global Cyber Readiness Program, moving from local to globally provided services. Our mission is to identify, control, and reduce the attack surface across the network of member firms while increasing our adversaries’ cost of attack.
NIS is redefining cyber security on a global scale at PwC. Our mission protects 223,000 PwC members across 157 member firms worldwide, as well as our global clients.
If you are seeking an exciting career with the scope to grow your cyber security skills through major change on a global scale, then NIS will empower you to do so.
This role is part of the Central and Eastern Europe (CEE) Chief Information Security Office (CISO) team. The CEE CISO team enables local and CEE regional security effectiveness and helps remove roadblocks and barriers from the Cyber Readiness Program journey.
Your skills and responsibilities include but are not limited to:
- Application and infrastructure vulnerability management: track and drive remediation to drive down the line of security risk
- Collaborate with both the NIS global teams and the CEE network of firms to support issue resolution and drive progress toward better adoption of the Cyber Readiness Program
- Incident oversight - providing advice, direction and escalation where applicable
- Collaborate with our global teams to ensure member firm needs are reflected in centrally driven activities.
- Support, initiate and run regular Cybersecurity Hygiene activities in CEE
- Risk Identification and follow up on remediation
- Advise on Policy & Standards Compliance
- Contribution to audits
- Partner with CEE IT and business teams for large or complex projects requiring senior security input and decision-making capabilities
- Security consultation, governance, escalations, and support regarding Information Security
- Educating and coaching CEE stakeholder communities regarding the NIS Cyber Readiness Program
Who are you?
- High-level understanding of professional services industry business model, service offerings, and threat landscapes
- Ability to align the technical and business worlds and to influence
- Solid understanding of technical information security risks in all their facets
- Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
- Creative problem solving and strong communication skills.
- Possess a growth mindset and be able to adapt to operate in different environments.
- Bachelor’s or Master’s degree, or equivalent industry certification
- 1-3 years’ experience in a relevant information security role is an advantage
- CompTIA Security+ or similar professional certification is an advantage