IN_Associate_Compliance Specialist _IN IT Services CO_IFS_PAN India

Line of Service

Internal Firm Services

Industry/Sector

Not Applicable

Specialism

Operations

Management Level

Associate

Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisation's security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure.

*Why PWC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. "

Job Description & Summary: 

PwC is driving major change across information and cybersecurity by building a centralized model to provide security services across the entire member firm network. The Network Information Security (NIS) organization is tasked with designing, implementing and maintaining information security capabilities and services for PwC Network of member firms.  
The NIS - ISP Compliance team role is to identify compliance gaps against the PwC Information Security Policy. The compliance assessor will use the provided questionnaires to identify when a solution or tool is meeting or is not meeting PwC security control requirements.  
The compliance assessor will work closely with the aligned risk manager to identify which compliance gaps should be raised as findings against policy and require a risk treatment plan; thereby limiting security risk in the PwC network. 
The ideal compliance assessor will have familiarity with PwC security policies and standards, and with PwC’s risk tolerance. He or she will identify areas of non-compliance within applications against PwC controls, identify the risk to the project team, and work with the project teams to ensure appropriate risk treatments are in place, culminating in a final risk report. Compliance Assessors should have familiarity with industry security controls and best practices and should have experience in performing compliance assessments

Responsibilities:

As a Compliance assessor, you would, 

• Review of the effectiveness of controls referring the evidence provided 
• Responsible for carrying out critical security reviews in a cross territory cross-platform environment where collaboration with different teams is a key requirement. 
• Ability to understand the Information Security Policy, evidence requirements and test procedures linked to controls 
• Benchmark the findings with the best practices 
• Prepare matrix and reports 
• Demonstrate appropriate knowledge on understanding effective control implementation in the following domains: 
• Identity and Access Management 
• Data Protection 
• Borderless Connectivity 
• Cloud & Services Hosting 
• Endpoint Security 
• Cyber Security Operations 
• Application Security 
• Demonstrate flexibility, adaptation, and eagerness for learning in an ever-changing global enterprise environment. 
• Flexible with the time of operations (no night shift though) 
• IT Audit exposure/experience preferred 
• Good working knowledge in MS Office tools 
• Demonstrates some abilities and/or a proven record of success in the following areas: 
• Building solid relationships with stakeholders and colleagues. 
• Approaching stakeholders and colleagues in an organized manner 
• Delivering clear requests for information 
• Demonstrating flexibility in prioritizing and completing tasks 
• Escalating potential conflicts to a supervisor 
• Performing research using available tools and methodologies 
• Writing and communicating in a corporate environment 

Mandatory skill sets:

ISO270001, Power BI, Information Security Policy

Preferred skill sets:

• Good understanding of Security Standards, on-premises as well as cloud-based. 
• Good understanding of different development platforms and secure software lifecycle concepts. 
• Good understanding and exposure to technical risk assessment along with vulnerability assessment and penetration testing. 
• Proper experience in coordination Issue tracking, Follow-Ups, and communication skills in a global environment. 

Years of experience required:

  4 yrs

Education qualification:

Bachelor’s degree 

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor Degree

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Compliance PCI

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing {+ 11 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship?

Government Clearance Required?

Job Posting End Date