Cybersecurity-Strategy Risk & Compliance-Cloud security assessment-Senior Associate-Bangalore

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe.

Our Strategy and Program Design team focuses on helping our clients assess, design, implement, and maintain an effective cybersecurity program that protects against threats, manages risk, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You'll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing programs to deliver continuous operational improvements and increasing their strategic cybersecurity investments while aligning to business imperatives.

Our team helps organisations develop strategy and/or governance structures to improve the effectiveness of their cyber operations. In joining our team, you’ll design a blueprint of our clients future operating models as well as a roadmap outlining the various initiatives required to get there. Additionally, you’ll help design and implement organisational, metrics and reporting, and risk management changes necessary to execute strategy.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

• Use feedback and reflection to develop self awareness, personal strengths and address development areas.
• Delegate to others to provide stretch opportunities and coach to help deliver results.
• Develop new ideas and propose innovative solutions to problems.
• Use a broad range of tools and techniques to extract insights from from current trends in business area.
• Review your work and that of others for quality, accuracy and relevance.
• Share relevant thought leadership.
• Use straightforward communication, in a structured way, when influencing others.
• Able to read situations and modify behavior to build quality, diverse relationships.
• Uphold the firm's code of ethics and business conduct.

Position Requirements
● Conduct cloud security assessments of cloud-based infrastructure, platforms, and applications to identify
vulnerabilities, risks, and compliance issues.
● Develop and implement security measures, policies, and procedures to protect cloud-based assets and data
from unauthorized access, data breaches, and other security threats.
● Collaborate with cross-functional teams, including system administrators, network engineers, and software
developers, to ensure cloud security best practices based on leading industry insights are followed throughout
the organization.
● Perform regular security audits, vulnerability assessments, and penetration testing to evaluate the effectiveness
of existing security controls and recommend improvements.
● Stay up to date with the latest industry trends, emerging threats, and best practices in cloud security, and
provide recommendations for enhancing the organization's cloud security posture.
● Has worked on multiple client engagements in assessing the security controls, control testing and gap
assessments for cloud environments. Experience in creating end-to-end data flow and design diagrams.
● Exceptional understanding of Cloud Security standards/frameworks such as CSA (Cloud Security Alliance), CIS,
MITRE ATT&CK, Cloud Controls Matrix (CCM), ISO/IEC 27001/27002, NIST, COBIT, SOX, SSAE16/SOC 2
and so on, pertaining to cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud
Platform (GCP), etc.
● A strong understanding of cloud computing technologies, including Infrastructure as a Service (IaaS), Platform
as a Service (PaaS), and Software as a Service (SaaS).
● Collaborate with external auditors and regulatory bodies to ensure compliance with relevant security standards
and regulations (e.g., GDPR, HIPAA, PCI-DSS).
● Good understanding of AWS services such as EC2, S3, RDS, ELB, VPC, ElastiCache, CloudWatch, AWS Route
53, CloudFront, SNS, IAM, Cost management etc.
● Good understanding of Azure services like Resource Manager, Azure SQL, VNet, Azure Diagnostics, OMS, Traffic
Manager, CDN, Azure Notification Hubs, Azure Identity and Access Management.
● Good understanding of AWS/Azure DevOps, DevSecOps, CI/CD pipelines, etc.
● Strong understanding of application infrastructure, secure protocol connectivity, identity and access
management, encryption, network security, data protection mechanisms, mobile security, and API functions.
● Responsible for managing relationships with clients that provide for the continuous monitoring program that
includes closing findings, completing assessments, and attesting that ongoing management activities are
conducted.
● Ability to identify opportunities for improvement in policies, processes, procedures & standards, and recording
them as per standardized requirements.
● Exceptional written and oral communication skills with executive presence that enable effective engagement &
the ability to interpret and articulate security scenarios and recommendations to senior management.
● Be an individual team player with thought leadership and adaptable to working in Agile environment.
Desired Skills
● Excellent presentation, project management, facilitation, delivery skills, and strong analytical and
problem-solving capabilities to be able to lead discussions with client stakeholders including executives and head
of departments.
● Excellent understanding of the latest technology patterns in cloud environments such as IAM, deployment
methodologies, automation solutions and capabilities,
● Have a strong grasp on complex risk management, assessment theories, concepts & practices as well as intricate
cybersecurity laws & guidelines. Familiarity with organizational policies, government regulations, and
information technology ethics.
● Demonstrate creativity, innovative thinking, adapt to trying new techniques, and employing the latest
technologies.
● Documentation of cloud architecture at all stages is an inherent need to complement the technical efforts.
● Staying abreast of the latest cloud security technologies, automation, ML & AI trends, and best practices.
● Understanding of technology patterns and key cloud services for major cloud environments (e.g., AWS, Azure)
such as Compute (e.g., Containers, Lambda), Database and Storage (RDS, Redshift, DynamoDB) as well as
services set for supporting applications that use AWS Analytics (e.g., EMR (Electronic Medical Record), Kinesis,
Pipeline).
● Demonstrate proven extensive abilities along with leveraging creative thinking and problem-solving skills,
individual initiatives, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint), SharePoint and
Google Docs.
● Proven ability to create domain specific training content and deliver training effectively

Professional and Educational Background
● Bachelor's / Master's degree in computer science / communications, or related field from reputed Indian
Universities.
● Certification(s) Preferred: Certified Cloud Security Professional (CCSP), Certified Information Systems Auditor
(CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional
(CISSP), or Certified in Risk and Information Systems Control (CRISC).
● Cloud Certifications Preferred: AWS Cloud Practitioner or Cloud Architect, Azure Fundamentals or above, GCP
related certifications, etc.

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

0%

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date