Job Description

Line of Service AdvisoryIndustry/Sector Not ApplicableSpecialism Cybersecurity & PrivacyManagement Level Senior Associate & Summary At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively.As a risk management generalist at PwC, you will provide advisory and practical support to teams across a wide range of specialist risk and compliance areas.Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isnxe2x80x99t clear, you ask questions, and you use these moments as opportunities to grow.Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

• Respond effectively to the diverse perspectives, needs, and feelings of others.
• Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems.
• Use critical thinking to break down complex concepts.
• Understand the broader objectives of your project or role and how your work fits into the overall strategy.
• Develop a deeper understanding of the business context and how it is changing.
• Use reflection to develop self awareness, enhance strengths and address development areas.
• Interpret data to inform insights and recommendations.
• Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.

OverviewThe Cyber Resilience Senior Associate will be responsible for developing and implementing cyber resilience strategies and programs, ensuring the resilience and continuity of IT systems. The ideal candidate should have a strong understanding of cyber resilience practices and standards, possess excellent communication and organizational skills, and be able to work independently as well as part of a team.Key ResponsibilitiesCreate and enforce comprehensive business continuity and cyber resilience strategies to ensure clients' operations can withstand and quickly recover from disruptions.Conduct thorough risk assessments and develop risk treatment plans to identify and manage vulnerabilities and potential threats to business operations and cyber resilience.Provide expert advice to clients on business continuity and cyber resilience, including policy development, risk assessments, and compliance strategies.Design and document IT Disaster Recovery (ITDR) policies and procedures, including Application Sensitivity Assessments (ASA) and Failure Mode and Effects Analysis (FMEA).Develop and implement Business Continuity and Disaster Recovery (BCDR) plans, Information Security Management Systems (ISMS), and enterprise risk management frameworks.Develop and execute incident response plans, ensuring rapid and effective recovery from cyber incidents and other disruptions.Develop and execute disaster recovery plans and runbooks and facilitate tabletop simulation exercises focusing on natural disasters and cyber threats.Manage all phases of disaster recovery testing initiatives, including planning, coordination, execution, and post-drill activities.Implement and oversee compliance monitoring, auditing, and remediation activities to ensure adherence to relevant regulations and best practices.Develop and deliver training programs for clients and internal teams to promote awareness and preparedness for business continuity and cyber resilience.Provide advisory services on the selection and implementation of Business Continuity Management (BCM) tools and the automation of BCMS processes.Contribute to practice enablement and business development activities (development of SOWxe2x80x99s, RFPs in alignment to clientxe2x80x99s requirement, etc.)Drive initiatives to develop innovation quotient (publishing whitepapers, help develop business case for an innovative technical idea to seek investments, point of view, etc.)Position RequirementsIn-depth understanding of cyber resilience principles, business continuity, and disaster recovery frameworks.Knowledge of network security/hardening, whitelisting, and cybersecurity best practices.Proficiency in conducting risk assessments and developing IT Disaster Recovery plans and procedures.Good knowledge of cybersecurity principles, theories, and techniques.Knowledge of relevant standards and regulations, including ISO 27001, ISO 22301, NIST SP 800-61, and the Digital Operational Resilience Act (DORA).Experience working with frameworks such as MITRE ATT&CK, NIST, and SANS Incident Response.Understanding of information security management systems (ISMS) and enterprise risk management (ERM) practices.Experience in creating and maintaining Business Continuity Plans (BCPs), Crisis Management Plans (CMPs), and IT Disaster Recovery (ITDR) plans.Demonstrate application of business acumen while leveraging technologies.Desired KnowledgeRelevant certifications such as ISO 22301, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are highly desirable.Excellent leadership, teamwork, and collaboration skills.Practical experience in conducting business continuity and cyber resiliency testing and simulations.Proficient in security operations, particularly in handling security incidents, cyber threat intelligence, and proactive threat hunting.Hands-on experience with cyber defense security technologies, including SIEM, security detection platforms (IPS/IDS), and EDR/XDR (defense-in-depth).Experience working with cloud platforms such as AWS, Azure, or GCP.Years of experienceMinimum of 3-8 years of experience in business continuity, cyber resilience, or a related field. Experience in a consulting environment is highly desirable.Professional and Educational BackgroundBE / B Tech / MCA / MS / MBA (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).Additional InformationTravel Requirements: Not ApplicableLine of Service: AdvisoryIndustry: ConsultingLocation: Bangalore, Hyderabad, Mumbai, Kolkata, Chennai, PuneEducation (if blank, degree and/or field of study not specified) Degrees/Field of Study required:Degrees/Field of Study preferred:Certifications (if blank, certifications not specified)Required SkillsOptional Skills Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Anti-Money Laundering (AML), Coaching and Training, Communication, Compliance Advisement, Compliance Oversight, Compliance Program Implementation, Compliance Risk Assessment, Confidential Information Handling, Contract Review, Contractual Risk Mitigation, Contractual Risk Monitoring, Contract Writing, Creativity, Crisis Management, Data Loss Prevention (DLP), Data Security, Discretion and Business Ethics, Embracing Change, Emotional Regulation, Empathy, Financial Risk Management {+ 32 more}Desired Languages (If blank, desired languages not specified)Travel Requirements Not SpecifiedAvailable for Work Visa Sponsorship? NoGovernment Clearance Required? NoJob Posting End Date

PwC