In Senior Asscoiate Information Security Risk Manager In It Services Co Ifs Mumbai, Pune, Gurgaon

Year    Pune, Maharashtra, India

Job Description


Line of Service Internal Firm ServicesIndustry/Sector Not ApplicableSpecialism OperationsManagement Level Senior Associate & Summary A career in Information Technology, within Internal Firm Services, will provide you with the opportunity to support our core business functions by deploying applications that enable our people to work more efficiently and deliver the highest levels of service to our clients. Youll focus on managing the design and implementation of technology infrastructure within PwC, developing and enhancing both client and internal facing applications within PwC, and providing technology tools that help create a competitive advantage for the Firm to drive strategic business growth.Our Information Technology Security team assists PwC in designing and creating sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation, Information Technology security architecture, and the software development lifecycle.*Why PWCAt PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more .At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firms growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " & Summary:PwC is driving major change across technology including the building of a centralized model to deliver and manage technology services across the entire network of member firms.An Information Security Risk Manager plays a crucial role in ensuring an organizations information security and compliance with relevant policies and standards.Information Security Risk Manager aligns with Information Security team members to ensure there is an effective implementation of controls & process in place. Responsible for identification of Cyber security risks, their impact assessment and appropriate measures put in place to eliminate them or mitigate their effect. Responsible for Information Security policy and standards adherence and enforcement across all business linesResponsibilities:

  • Develop comprehensive security policies, procedures, and guidelines to protect the organizations information assets.
  • Ensure that security policies are enforced across all departments, business units and that any deviations are promptly addressed.
  • Regularly review and update security policies to reflect changes in the threat landscape.
  • Identify potential security risks through regular risk assessments and reviews. Manage Security Exceptions.
  • Develop and implement strategies to mitigate identified risks, including technical controls, process improvements, and employee awareness through effective risk management frameworks (NIST, ISO 31000)
  • Enforce security assessments of vendors and third parties to ensure they meet the organizations security requirements.
  • Ensure that security requirements are included in contracts with vendors and third parties.
  • Coordinate internal and external audits, ensuring that all findings are addressed and remediated.
  • Prepare and submit compliance reports, dashboards, records etc.
  • Awareness to applicable standards and regulations xe2x80x93 ISO 27001, ISO 22301, IT Act, SSAE, PCI-DSS, NIST, CIS Benchmark, cert-in.
  • Responsibility to ensure that organizations applications and databases are secure.
  • Understanding of Secure SDLC, DevOps, OWASP, AzureDevOps, GitHub
  • Directing efforts to secure code, such as code reviews, project security reviews, penetration testing support, and application risk assessments and mitigation across the software development lifecycle.
  • Assist Business Units and Software Developers in the evolution of its application security functions and services.
  • Lead the remediation of application security and penetration testing findings (SAST, DAST)
  • Manage integration with assessment techniques, including Static Code Analysis and Dynamic Code Analysis
Mandatory skill sets:
  • Security Technologies: Understanding of security technologies such as firewalls, intrusion detection/prevention systems, SIEM, endpoint protection, Web application firewalls, Identity and Access Management, Application Security.
Preferred skill sets:
  • Cloud Security: Understanding of securing cloud environments (e.g., AWS, Azure, Google Cloud).
  • Network Security: Understanding of network security principles and practices.
Years of experience required:Certifications: Minimum one strongly encouraged (CISSP, CRISC, CISM)
  • 4 xe2x80x93 6 years of experience in Information Security Management, Risk management, Application Security, ISO 27001, ISO 31000, NIST Cyber Security Framework, NIST Risk Assessment Framework, CIS Benchmark.
,Education qualification:Bachelor or equivalentsEducation (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Master Degree, Bachelor DegreeDegrees/Field of Study preferred:Certifications (if blank, certifications not specified)Required Skills Application SecurityOptional SkillsDesired Languages (If blank, desired languages not specified)Travel Requirements Not SpecifiedAvailable for Work Visa Sponsorship? NoGovernment Clearance Required? NoJob Posting End Date

PwC

Beware of fraud agents! do not pay money to get a job

MNCJobsIndia.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.


Job Detail

  • Job Id
    JD3533407
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Pune, Maharashtra, India
  • Education
    Not mentioned
  • Experience
    Year