Mumbai Shivaji Park, India
5 days ago
IN_Associate _ITGC_Strategy and Governance_Advisory_Mumbai

Line of Service

Advisory

Industry/Sector

FS X-Sector

Specialism

Risk

Management Level

Associate

Job Description & Summary

We are seeking a highly skilled IT and Cyber Security Risk Management and Internal Audit Consultant to join our organization. This role will be responsible for identifying, assessing, and managing IT and cybersecurity risks while ensuring internal audit processes are in place to maintain compliance with industry standards and regulations. The consultant will support the development and implementation of risk management strategies, assess internal controls, and provide recommendations for improvements to enhance the security posture of the organization.

Why PwC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.

Responsibilities:

Key Responsibilities:

Risk Assessment and Management:

- Identify, assess, and prioritize IT and cybersecurity risks across the organization.
- Develop and implement strategies to mitigate identified risks, focusing on both technical and operational controls.
- Monitor and evaluate the effectiveness of risk mitigation measures and provide recommendations for improvements.
- Conduct vulnerability assessments, threat modeling, and penetration testing to evaluate system weaknesses.
- Stay updated on industry trends, emerging threats, and regulatory changes related to IT security and risk management.

Internal Audit:

- Conduct audits of IT and cybersecurity systems, policies, procedures, and controls to ensure compliance with internal standards, industry regulations, and legal requirements.
- Develop and execute internal audit plans, including scoping, fieldwork, and report writing.
- Collaborate with internal and external stakeholders to assess and improve the organization’s IT and cybersecurity governance structure.
- Evaluate existing security controls and provide actionable recommendations to mitigate risks.
- Assist in preparing audit reports that provide clear and actionable findings for senior management and other relevant stakeholders.

Policy and Procedure Development:

- Assist in the development and maintenance of IT security policies, procedures, and standards.
- Ensure policies and procedures are aligned with industry best practices and regulatory requirements.
- Provide guidance on the implementation of security controls across IT infrastructure and software applications.

Incident Management:

- Provide support for the development of incident response plans, ensuring they address potential IT and cybersecurity incidents.
- Lead or assist in investigations of security breaches and other incidents, conducting root cause analysis and recommending corrective actions.

Collaboration and Reporting:

- Work closely with various departments, including IT, legal, compliance, and senior management, to ensure alignment on risk management and security initiatives.
- Prepare and present clear, concise risk management and audit reports to senior leadership, outlining key findings, risks, and recommendations.
- Provide training and awareness programs to staff on cybersecurity risks, internal controls, and best practices.

Compliance and Regulatory Support:

- Stay informed on regulatory and compliance requirements related to IT security, data privacy, and risk management (e.g., GDPR, NIST, ISO 27001, SOC 2, PCI-DSS).
- Support compliance assessments and help ensure the organization meets regulatory obligations.

Skills and Qualifications:

Education:

- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field (or equivalent work experience).
- Relevant professional certifications (e.g., CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, etc.) are preferred.

Experience:

- 3-5 years of experience in IT risk management, cybersecurity, internal audit, or a related field.
- Experience conducting risk assessments, vulnerability assessments, and penetration testing.
- Strong knowledge of cybersecurity frameworks, IT governance, and risk management standards.
- Hands-on experience with security tools, vulnerability scanning, and risk management software.
- Knowledge of regulatory requirements and compliance frameworks (e.g., GDPR, NIST, ISO 27001, SOC 2, PCI-DSS, HIPAA).

Technical Skills:

- Proficiency in cybersecurity tools, risk management software, and auditing techniques.
- Familiarity with networking protocols, system architectures, firewalls, encryption, and intrusion detection systems.
- Knowledge of cloud security and emerging technologies (e.g., IoT, AI, blockchain).

Soft Skills:

- Excellent analytical and problem-solving skills.
- Strong communication and presentation abilities, with the ability to explain complex technical topics to non-technical stakeholders.
- Detail-oriented with the ability to work independently and manage multiple projects.
- Ability to foster relationships and collaborate across multiple teams and departments.
- High level of integrity, ethics, and professionalism.

Additional Requirements:

- Ability to travel as required for audits, assessments, and client engagements.
- Experience working with senior management to influence decision-making regarding risk and cybersecurity posture.
- Strong organizational skills and the ability to manage multiple priorities effectively.

Mandatory skill sets:

Risk Assessment and Management, Internal Audit

Preferred skill sets:

Relevant professional certifications (e.g., CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, etc.) are preferred

Years of experience required:

3-5 Years

Education qualification:

B.Tech/MCA/MBA with IT background/ Bachelor’s degree in Information Technology, Cybersecurity, Computer Science

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Master of Business Administration, Bachelor of Engineering, Bachelor of Technology

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Internal Audit, Risk Assessments, Risk Management

Optional Skills

Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, CyberArk Management, Cybersecurity, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), Identity-Based Encryption, Identity Federation, Identity Governance Framework (IGF), Identity Verification, Inclusion, Information Security

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date
