A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You’ll focus on being the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protect our firms intellectual assets.

What to consider before applying

• This is a remote position, requiring the ability to work virtually.

Purpose-led work you’ll be part of 

As an Application Security Risk Manager, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. Responsibilities include but are not limited to:

• Work with Risk Reviewers to ensure tickets are being processed accurately and efficiently
• Work with Consultation Services Architects to identify gaps in compliance and determine inherent risk, mitigating factors, and residual risk
• Collaborate with other AppSec sub pillar teams to ensure relevant processes are completed as necessary and in good standing to support AR disposition
• Interface with customers to provide guidance relevant to AppSec requirements
• Escalate risks and other concerns to Application Readiness Regional Leads, BISOs, CISOs, and other relevant stakeholders
• Interface with a number of other NIS service providers, such as Policy, TPRM, Issues Management, Threat Management
• Provide disposition on ARR tickets and publish other deliverables (ARA report or Risk Statement) as applicable

Experiences and skills you’ll use to solve

• Customer service skills to create an exceptional customer experience
• Strong organizational and time management skills to support multiple concurrent reviews
• People leadership skills to provide oversight of Risk Reviewers, coaching and mentoring in an informal fashion
• Knowledge of the Information Security Policy, Application Readiness Standard, and applicable supporting Standards
• Understand the purpose of Application Readiness process
• Ability to assess whether a control is \'met\' or \'not met\' (black and white)
• Ability to navigate the gray when a control does not meet the letter of the control
• Ability to review documentation analytically, and assess control compliance based on information/documentation provided.
• Ability to evaluate complex data and determine whether data can be used to support the reviews being conducted
• Ability to pull facts and details related to controls from different types of documentation and diagrams submitted
• An understanding of when and how to escalate
• Good understanding of Application IT Security Standards, on-premise as well as cloud-based.
• Good understanding of risk management and experience with identifying and assessing potential information security risks.
• Good understanding and exposure to technical risk assessment along with vulnerability assessment and penetration testing.
• Strong communication skills and the ability to provide risk guidance, inform management about potential risk issues, and relay information about policy requirements effectively
• Proper Experience in coordination of issue tracking, Follow-Ups, communication skills in a global environment.
• CISSP / CISM /CISA / CCSK / CCSP / CRISC considered an asset
• A demonstrated commitment to valuing differences, developing and coaching diverse teams, and ensuring diverse perspectives are heard