Risk Quality - Information Security Analyst- Associate - UAE

Internal Firm Services

Not Applicable

IFS Risk & Quality (R&Q)

Associate

PwC is driving major change across information and cyber security by building a centralized model to provide security services across the entire member firm network. The Network Information Security (NIS) operates outside IT and leads the global Cyber Readiness Program, transitioning from local to globally provided services. Our mission is to identify and reduce the attack surface across the member firm network while increasing an adversary’s cost of attack.

The NIS team is structured into the following pillars: Information Security Risk and Compliance (ISRC), Chief Information Security Office (CISO), Security Architecture Engineering Innovation and Transformation (SAEIT), Cyber Security Services, Strategy and Alliances, and Chief of Staff. NIS is building the first global cyber‑security function at PwC, protecting 223 000 members across 157 member firms worldwide and our global clients.

If you seek an exciting career with scope to grow your cyber security skills through major change on a global scale, NIS will empower you to do so. The CISO pillar within NIS is responsible for engagement, governance, measurement, and service interface. This pillar works closely with member firm stakeholders to understand their business model, roadmap and drive adoption of central security services in line with the PwC Cyber Readiness program.

The CISO Services Team comprises four core areas: CISO Engagement, NIS Service Interface, CISO Measurement, and CISO Governance. These areas support member firm ISOs and their staff in implementing the PwC Information Security Policy (ISP).

• Conduct analysis of member firm needs to decide on implementation of NIS global security strategy
• Engage stakeholders to assess security threats and manage business risk
• Facilitate support from SAEIT and Cyber Security Service Management throughout the service lifecycle
• Assess service availability, adoption rates and maturity to manage risk to business programs
• Govern member firms for compliance with PwC ISP and legal/regulatory frameworks
• Engage Global IT and Applications to review security controls against ISP

Selected candidates will have extensive knowledge and managerial experience related to the CISO pillar skill matrix, including:

• Managing multifunction relationships throughout major transformation
• Understanding of security technology
• Experience balancing business stakeholders with a central service organization
• Navigating a multifaceted matrix organization
• Collaborating with multiple stakeholders across functional and technical skillsets

A 1E employee possesses subject‑matter knowledge in a specific technical domain of the CISO Services function. They evaluate circumstances and make independent recommendations to execute strategy, influence others, and manage business engagement and relationship activities. They build relationships across the network to deliver security activities, executing tasks with autonomy.

• Manage relationships across PwC member firms
• Map existing member firm services to the NIS service catalogue
• Define roadmap for integration of member firm services into shared NIS services
• Provide consultancy throughout service integration

• Capture metrics aligned to service integration and service adoption
• Drive quality of service to stakeholders

Required: High school diploma or G.E.D.
Preferred: Undergraduate degree in Information Technology or a related field, or completed cybersecurity certifications.

1–3 years of progressive professional roles involving information security, IT management, or major program management.

An effective CISO pillar candidate will possess the following skills:

• Analytical: inquisitive nature and intuition regarding critical questions
• Technical: broad understanding of security technology
• Business: high‑level understanding of PwC’s business model and operating environment, framing threats in a business context for non‑technical staff and executives
• Domain landscape: knowledge of assurance and technical security principles
• Communication: ability to inform, persuade, and teach stakeholders across a global network

• Accepting Feedback
• Active Listening
• Agile Methodology
• Azure Data Factory
• Communication
• Cybersecurity
• Cybersecurity Framework
• Cybersecurity Policy
• Cybersecurity Requirements
• Cybersecurity Strategy
• Emotional Regulation
• Empathy
• Encryption Technologies
• Inclusion
• Intellectual Curiosity
• Managed Services
• Optimism
• Privacy Compliance
• Regulatory Response
• Security Architecture
• Security Compliance Management
• Security Control
• Security Incident Management
• Security Monitoring

0

Yes

Yes