PwC Cybersecurity & Privacy - Director in San Francisco, California
PwC is a network of firms committed to delivering quality in assurance, tax and advisory services.
We help resolve complex issues for our clients and identify opportunities. Learn more about us at www.pwc.com/us.
At PwC, we develop leaders at all levels. The distinctive leadership framework we call the PwC Professional (http://pwc.to/pwcpro) provides our people with a road map to grow their skills and build their careers. Our approach to ongoing development shapes employees into leaders, no matter the role or job title.
Are you ready to build a career in a rapidly changing world? Developing as a PwC Professional means that you will be ready to create and capture opportunities to advance your career and fulfill your potential. To learn more, visit us at www.pwc.com/careers.
What will you do if you work in Assurance at PwC?
You'll ask questions and test assumptions. You'll help determine if companies are reporting information that investors and others can rely on. You'll help businesses solve complex issues faced by management and boards. You'll serve the public interest and the capital markets by conducting quality audits. Visit http://pwc.to/pwcassurance for more information on PwC's Assurance practice.
The world is quickly changing; that's why PwC is quickly adapting. We're capitalizing on trends that will impact corporate reporting.
Our focus is on globalization, technology, sustainability and environmental reporting, population shifts and regulation. We combine skills and experience to help our clients address their challenges.
Boards of Directors and executive management recognize the ever increasing importance of effective risk management efforts in meeting their organization's strategic objectives.
PwC's Risk Assurance practice has developed a holistic approach to risk that protects businesses, facilitates strategic decision making and enhances efficiency. Our holistic approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience our Risk Assurance professionals possess.
The end result is a risk solution that is tailored to meet the unique needs of a company.
Areas where our Risk Assurance practice can bring value to an organization include:
Leveraging industry and technical expertise to assist management to address more effectively risks associated with their business
Assisting management in the assessment of project risks and controls
Enhancing internal audit functions to further align to company strategy and risk
Reducing company costs through strategic internal audit outsourcing and co-sourcing solutions
Increasing value and reducing costs of compliance-related activities
Identifying opportunities for companies to effectively mitigate risk and improve business performance
Applying the concepts of Enterprise Risk Management to help companies identify, assess, mitigate and proactively consider emerging risks
The Cybersecurity, Privacy and IT Risk team is part of Risk Assurance. Our team of professionals helps clients develop a vision for their cybersecurity and privacy program, design and build a sustainable and agile program, operate aspects of the program and provide an independent review and assurance of their program to Management or 3rd party stakeholders.
The velocity and density of information in digital business has significant business benefits due to the insights it creates. However, it exposes new risks on how to protect this data and new privacy challenges to guide its appropriate use. Digital business requires a new view on security and privacy, one that is driven by the level of risk appetite and enablement of business and technology strategy.
Our Key Services are:
Strategy, Governance and Management
Prioritize investments, allocate resources, and align security and privacy capabilities with the strategic imperatives and initiatives of the organization;
Security Architecture and Services
Create sustainable security solutions to provide foundational capabilities and operational discipline;
Emerging Technologies and Market Trends
Assess the opportunities and security and privacy related risks of new technology adoption and dynamically changing business models;
Threat, Intelligence and Vulnerability Management
Anticipate changes in the risk landscape through situational awareness of the internal and external factors impacting the business ecosystem;
Risk and Compliance Management
Efficiently and effectively identify, evaluate and manage risk to the business while addressing the evolving regulatory requirements;
Information and Privacy Protection
Identify, prioritize, and protect sensitive or high value business assets;
Attest and Assure
Using non-financial-statement reports, including SSAE 16, agreed upon procedures and customized attestations, deliver confidence in companies’ organization’s policies, controls, processes and security;
Identity and Access Management
Provide integrated and secure processes, services, and infrastructure to enable appropriate controls over access to critical systems and assets;
Incident and Crisis Management
Plan, detect, investigate, and react timely and thoroughly to security incidents, breaches and compromises.
Minimum Year(s) of Experience: 7 years of experience in IT Risk Management including experience in Cybersecurity & Privacy.
Minimum Degree Required: Bachelor's degree in Accounting, Finance/Economics, Management Information Systems, Computer Science, Business Administration, Statistics Mathematics, Regulatory Compliance, Science, Technology, Engineering & Mathematics and/or other business fields of study.
Certification(s) Preferred: Obtained or demonstrates an active pursuit of one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) certifications, or other related certifications.
Knowledge Preferred:
Demonstrates proven regard as a thought-leader level, broad subject matter knowledge and success with developing and implementing cybersecurity, privacy and IT risk strategies for a global network of professional services consulting firms, emphasizing the following areas:
Writing, communicating, facilitating, and presenting cogently to and/or for all levels of industry audiences, clients and internal staff/management;
Understanding and applying technical and operational cybersecurity, privacy and/or IT risk domains, and/or standard industry practices relating to these areas, in order to assist clients with assessing their posture and improving their program;
Understanding and applying emerging technologies, such as cloud, Internet of Things (IoT) and advanced analytics
Understanding and applying common cybersecurity, privacy or technology industry standards / regulations (e.g. ISO 27001/27002, NIST 800 series, COBIT, PCI-DSS, ITIL, HIPAA / HITECH, EU Safe Harbor, CANSPAM), especially as it relates to building a program and/or managing internal controls, risk assessments, business process and internal IT control testing or operational auditing;
Advising CXO's on emerging technologies and cybersecurity, privacy and IT risk strategies consistent with clients' business strategies;
Providing consultancy and assurance services for cybersecurity, privacy and IT risk strategy, policies, organization and governance, including the participation in proposal development efforts;
Understanding common issues facing clients who provide products and services in several sectors that include, but are not limited to Financial Services, Manufacturing, Retail, Media and Entertainment, and Energy; and,
Aspiring to have a broad career in cybersecurity, privacy and/or IT risk.
Demonstrates proven thought leader-level abilities to generate and maintain an annual book of business valued at $2 million+, identifying client needs and building a local network of clients and talent in the cybersecurity, privacy and IT risk profession for a global network of professional services firms, emphasizing the following areas:
Leading and managing business development opportunities and engagements from pre-sale and initial scoping through final delivery and signoff;
Engaging with and supporting client executives in a decision process that is strengthened by insight into business value;
Leading teams to generate a vision, establish direction, and motivate members. Creates an atmosphere of trust, leveraging diverse views, coaching staff, and encouraging improvement and innovation; and,
Managing and/or contributing to project planning, engagement administration, budget management, successful completion of engagement workstream(s) and solution development.
For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance.
All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law.