Information Security Senior Associate

PwC Acceleration Center Manila (hereinafter, the “Company” or the “Center” or “PwC AC Manila” or “AC Manila”) is a joint venture of PricewaterhouseCoopers (“PwC”) Firms from across the Asia Pacific. It was established to provide professional services to support PwC member Firms in the Asia Pacific, Americas, and European regions only, excluding clients registered and based in the Philippines.

PwC AC Manila is part of a network of PwC service delivery centres around the globe, known as the PwC Acceleration Centers and is staffed by specialised professionals connected through common methodologies, tools and metrics. This strategy is designed to ultimately increase value for our clients and our PwC member firms through improved productivity, enhanced quality and lower cost of delivery.

We are guided by “The PwC Professional”, our global framework for defining and encouraging leadership at all levels. The five core attributes of the framework--whole leadership, technical capabilities, business acumen, global acumen, and relationships--guide all PwC AC Manila employees in providing value for our business and our clients.

KEY RESPONSIBILITIES

Operational

• Conducting cyber security assessments, including security maturity, security risk assessments, compliance gap analysis, security strategy to understand the overall security posture of a system/s, environment/s and or specific assets
• Development of supporting artefacts that support ongoing systems accreditation activities
• Reporting and presenting to both technical and business stakeholders

People

• Work effectively with Partners, Directors and Managers to provide business support, maintain communication and update on engagement progress.

QUALIFICATION REQUIREMENTS

• Bachelor's Degree in IT, Computer Engineering or degrees with specialization in IT will be considered
• Candidates with 2-3 years of relevant experience in similar roles, preferably with a “Big 4” or equivalent.
• Experience in cyber security assessments, internal audit or a related field.
• Experience in technology and cybersecurity controls testing.
• Experience in 1 or more of the following areas is essential:
  • Security controls testing
  • Security strategy, governance, risk and compliance
  • Security policies, procedures, standards and controls in line with regulation and/or current standards, ISO27001, NIST, SANS etc.,
  • Data privacy and data protection controls
  • Cloud technologies and cloud security
  • Third party security
  • Vulnerability management
  • Knowledge of regulations and standards relating to protection of data and cybersecurity (PCI, GDPR, SWIFT, etc.).
  • Experience using industry best practice frameworks (e.g. NIST CSF, ISO 27001, CIS, SANS, etc.)

Certification/s Preferred:

• CISA / CISM / CRISC / CISSP / ISO 27001 LA certifications