UK Information Security Risk Manager

Internal Firm Services

Technology

IFS - Information Technology (IT)

Manager

About the role:

PwC continues to invest in cyber security capabilities to protect our business and our clients. Within PwC's Global Network Information Security (NIS) team, the UK CISO Governance, Risk & Compliance (GRC) team acts as a trusted risk advisor to the UK business. By providing guidance on cybersecurity-related risks and ensuring alignment with PwC's global cybersecurity strategy, we help our UK stakeholders implement effective security measures to mitigate risks and protect the firm's interests.

As the Information Security Risk Manager, your role is to drive risk management activities to help identify and reduce the risks related to information security associated with technology used within the firm.

• Establish a robust information security risk management framework along with clear policies and procedures to provide visibility of aggregated risk at the enterprise / executive level through analysis and reporting.
• Drive the implementation of risk mitigation strategies by collaborating closely with leadership, internal risk teams, and other stakeholders to ensure alignment with strategic objectives, fostering a culture of risk‑awareness, enhanced communication and informed decision‑making.
• Prioritise activities by organisational risk and criticality to align risk management with business goals and enhance operational resilience. Focusing on high‑impact areas to ensure efficient resource allocation and providing leadership with a comprehensive risk perspective.
• Collaborate with senior stakeholders for insights on existing and emerging technologies like GenAI, offering strategic updates and impact assessments for informed decision‑making.

• Strong communication and influencing skills to assist, inform, and build relationships with stakeholders in both the business and support teams, to enable effective information security activities and processes aligned to the firm's security strategy.
• Bring high energy and thrive on helping people to solve problems, stakeholder management/customer service outlook – working with business teams to achieve positive outcomes.
• Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
• Excellent time management skills, balancing working efficiently on your own and contributing as part of a wider team – prioritising and recognising when to elevate to management.
• An interest in PwC's business model, service offerings, and business operating environment as it pertains to the firm's threat landscape.

• Previous proven management experience in an information security risk management role.
• Formal certifications/qualifications in Information Security (CISSP, CISM, CRISC, CompTIA Security+).
• Extensive knowledge of risk assurance frameworks essential, such as ISO 31000; NIST CSF; ISO 27001.
• Knowledge of technical security principles highly desirable.
• Broad understanding of technology and how security is applied to technology in a large enterprise setting.
• Experience at an enterprise, global company or big‑four firm is desirable.
• Strong data manipulation and visualisation skills (PowerBI, Alteryx, Excel).

No matter where you may be in your career or personal life, our benefits are designed to add value and support, recognising and rewarding you fairly for your contributions. We offer a range of benefits including empowered flexibility and a working week split between office, home and client site; private medical cover and 24/7 access to a qualified virtual GP; six volunteering days a year and much more.

• Accepting Feedback
• Active Listening
• Analytical Thinking
• Azure Data Factory
• Coaching and Feedback
• Communication
• Creativity
• Cybersecurity
• Cybersecurity Governance
• Data Architecture
• Data Archiving
• Data Flow Mapping
• Data Privacy Act
• Embracing Change
• Emotional Regulation
• Empathy
• Enterprise Content Management
• Incident Response Plan
• Inclusion
• Information Rights Management (IRM)
• Information Security
• Information Security Governance
• Information Security Management System (ISMS)
• Intellectual Curiosity
• … and many more

Not Specified

Yes

No