PwC Cybersecurity-Incident & Breach Response- Senior Manager in Washington, District Of Columbia
Specialty/Competency: Cybersecurity & Privacy
Industry/Sector: Not Applicable
Time Type: Full time
Travel Requirements: Up to 80%
A career in our Incident and Crisis Management practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.
Our team helps organisations manage their controls over access to critical systems and assets during a crisis or an active cyber threat. As part of the team, you’ll help us develop controls to stay ahead of a crisis, but also help us maintain security and information risk by responding and remediating any current or future cyber threats.
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
As a Senior Manager, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
– Take action to ensure everyone has a voice, inviting opinion from all.
– Establish the root causes of issues and tackle them, rather than just the symptoms.
– Initiate open and honest coaching conversations at all levels.
– Move easily between big picture thinking and managing relevant detail.
– Anticipate stakeholder needs, and develop and discuss potential solutions, even before the stakeholder realises they are required.
– Develop specialised expertise in one or more areas.
– Advise stakeholders on relevant technical issues for their business area.
– Navigate the complexities of global teams and engagements.
– Build trust with teams and stakeholders through open and honest conversation.
– Uphold the firm’s code of ethics and business conduct.
Minimum Degree Required: Bachelor's Degree in Cybersecurity, Computer Science, MIS or other degrees with high level understanding of cloud security, network security, security architecture, data security,and/or cyber defense
Minimum Years of Experience: 7+ years of experience in cloud security, network security, security architecture, data security,and/or cyber defense
Demonstrates intimate knowledge of:
network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network
laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
common regulatory requirements such as OCC HS, FFIEC, GLBA, NY DFS, GDPR etc. as well as industry frameworks such as ISO 27001/2, NIST CSF, COBIT, ISO, and PCI
the current FRCP Guidelines and evidential continuity industry leading practice including chain of custody
dynamic and static malware analysis and sandboxing with the ability to reverse engineer and debug malware samples using tools such as IDA Pro, Responder Pro or OllyDbg, including defeating anti debugging, packing and obfuscation techniques
Enterprise Cloud solutions across IaaS, PaaS & SaaS, such as AWS, Azure, OpenStack, Cloud Foundry, Salesforce, Microsoft Office 365, Box etc.
Enterprise security and Cloud security specific solutions such as IAM/IdaaS, CASB, Identity Governance, Cloud SOC/SIEM, Key Management & Encryption, Public, Private and Hybrid cloud solutions
database systems and data backup and recovery
current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
the Risk Management Framework Assessment Methodology
Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
IoT protocols (e.g., MQTT, COAP, DDNS), implementation and consumption of REST APIs, with an understanding of WS-Security, simulated devices usage experience (e.g., Raspberry Pi and Amazon Dash), and security concepts, including OAUTH and OIDC
specific operational impacts of cybersecurity lapses
cyber defense and vulnerability assessment tools and their capabilities
business continuity and disaster recovery continuity of operations plans
Demonstrates intimate abilities and/or a proven record of success to:
develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
apply system design tools, methods, and techniques, including automated systems analysis and design tools.
interpret and translate customer requirements into operational capabilities.
develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
function effectively in a dynamic, fast-paced environment.
translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
prioritize and allocate cybersecurity resources correctly and efficiently
prepare and present briefings
coordinate with senior leadership of an organization to identify the organizational risk posture based on the aggregated risk from the operation and use of the systems for which the organization is responsible
assess and forecast manpower requirements to meet organizational objectives
ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control
ensure information security management processes are integrated with strategic and operational planning processes
oversee the development and update of the life cycle cost estimate
tailor technical and planning information to a customer’s level of understanding
apply approved planning development and staffing processes
share meaningful insights about the context of an organization’s threat environment that improves its risk management posture
create a positive working environment by monitoring and managing workloads of the team
balance client expectations with the work-life quality of team members
provide candid, meaningful feedback in a timely manner to team members
keep leadership and engagement management informed of progress and issues
lead project workstreams and associated staff on complex cyber risk management engagements
work across departments and business units to implement organization’s privacy principles and programs, and align privacy objectives with security objectives
For positions in Colorado, visit the following link for information related to Colorado's Equal Pay for Equal Work Act: https://pwc.to/coloradoadvisoryseniormanager .
All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer.
PwC does not intend to hire experienced or entry level job seekers who will need, now or in the future, PwC sponsorship through the H-1B lottery, except as set forth within the following policy: https://pwc.to/H-1B-Lottery-Policy
For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance.
Please note that, at this time, to be in-person at a PwC office, client location or PwC-sponsored events, you must be fully vaccinated against COVID-19.