Head of Information Security

Line of Service

Internal Firm Services

Industry/Sector

Not Applicable

Specialism

IFS - Risk & Quality (R&Q)

Management Level

Director

Job Description & Summary

As the PwC Middle East CISO you will work across the Middle East firms to continue to drive the maturation of the member firm information security risk posture based on global strategy, member firm business requirement and risk appetite. You will be responsible for driving the Network Information Security (NIS) strategy within the Middle East territories and will act as the common link between local leadership and global NIS functions for all information security-related topics.

To be successful in this role, you will promote continuous improvement, innovation and agility in security service delivery, whilst working in consultation and collaboration with colleagues across PwC (locally, regionally and globally). As the ME CISO, you will be responsible for overseeing a range of technical and process-driven security controls and leading a programme of continuous improvement in response to changing security threats. The role requires a thorough understanding of the technology underpinning the ME firm’s IT systems, as well as a broad, up-to-date knowledge of information security frameworks, pertinent regulation and legislation, vulnerability management, incident management and response, secure development techniques and approaches, cyber security engineering and operations, and management and governance of cyber risk and cyber security. You will also have extensive experience of managing executive level stakeholders and diverse and distributed teams operating in a dynamic environment.

Having performed a comparable role in a large organisation, you will have a strong information and cyber security background. You will have led a progressive information security function, developing innovative, future focused information and cyber security capability in support of business objectives. You will be a strategic and lateral thinker with exceptional leadership credentials and a collaborative approach to stakeholder and supplier management.

This is a fantastic opportunity to join a world class organisation in a pivotal and highly visible leadership role which will require high levels of personal energy and commitment.

• Define, develop and maintain an information security strategy and operating model that is aligned to our Network Information Security strategy and local business requirements;

• Drive and deliver change to our information and cyber security systems, processes and procedures by identifying growth opportunities, continuously analysing and reviewing new security technologies and practices as informed by industry best practice;

• Identify, plan for and communicate projects/work packages to stakeholders and governance groups; 

• Regularly report to leadership stakeholders via various governance forums on information and cyber security matters; 

• Lead a team of security professionals at various grade levels, across multiple specialisms, to deliver expertise to provide security assurance to the ME firm, whilst supporting our technology growth ambitions;

• Provide coaching and feedback to foster a culture of innovation and continuous improvement that encourages a high level of professional development and personal responsibility;

• Ensure that the culture, policies, structures and reporting systems are in place to allow the CISO team to achieve the highest standards of quality, legal and regulatory compliance and corporate governance in all areas;

• Establish and maintain clear and measurable Information and cyber security performance indicators and deliver measurable service improvements to ensure that all elements of our services represent the best value for money; 

• Ensure that information and cyber security risks are identified and managed appropriately;

• Lead on development and delivery of measures and metrics to support the assessment, reporting and ongoing improvement of our information security posture;

• Ensure and promote an appropriate level of information security culture and awareness across the firm;

• Direct, and assist as necessary, investigations into information security incidents.

The right candidate will possess the following skills:

• A collaborative leader with strategic acumen and problem-solving skills, able to inspire and motivate;

• Proven people management experience to provide coaching and development for others to maximise their potential.

• A self starter with the ability to lead and drive change through an organisation - cutting through organisational and political barriers to achieve the desired goal;

• Problem-solver who can prioritise and identify problems and make quick, sound decisions by applying independent judgement and by collaborating with others;

• Proven record of managing multi-function relationships throughout major transformation and collaborating with multiple stakeholders across functional and technical skill sets to identify, build and maintain security capabilities or controls.

• Build consensus and collaborate with a range of stakeholders including global information security experts, technology specialists and risk teams;

• Ability to be pragmatic while balancing the needs of the firm against security;

• Proven record of success, supporting and/or coordinating Information Security Governance to enhance to decrease repeat findings and issues, and make other process efficiency improvements.

• Extensive understanding of technology and how security is applied to technology in an enterprise setting;

• An ability to think and plan strategically and systematically while recognising the need to deliver to the business; requirements;

• Excellent communication skills – both oral (for interviews/meetings/presentations) and written (for designing and writing engaging reports which communicate findings succinctly and clearly convey the message);

• Able to present complex or highly technical issues in simple and easy-to-understand formats;

• Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance;

• Ability to frame threats and exposures in a business context recognised by non-technical staff and executives;

• Understanding of PwC’s business model, service offerings, and business operating environment as it pertains to the firm’s threat landscape;

• Experience providing expert strategy, risk and technical advice, guidance and support on cyber security matters. 

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Up to 20%

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date