Location UK / Belfast
Job Type Permanent full-time
Salary Not disclosed
PwC’s Operate business delivers large operational and managed service solutions for clients to meet regulatory, risk and compliance challenges.
With over 1,100 staff deployed on large implementation and execution programmes, Operate brings together top talent with a distinctive mix of knowledge and skills. We support clients by providing staff augmentation services, delivering large scale operational programmes and managed solutions. We deliver our client work from a range of locations, providing our clients with cost-effective delivery, access to subject matter expertise and operational excellence disciplines for some of the biggest brands worldwide.
We are looking for self-motivated and experienced information security individuals with extensive experience in performing third party risk management activities such as supplier security assessments/reviews, contractual terms analysis and negotiation, and ongoing monitoring of supplier adherence to security commitments.
You will need to demonstrate technical expertise in the following areas of Cyber Security:
Knowledge of cloud computing environments – SaaS, PaaS and IaaS – and experience evaluating the associated organisational risks
Information Security assessment processes, including audit, vulnerability scanning and security policy and standards review. Experience creating and managing IT security policies and standards. Sound understanding of penetration testing results.
Understanding of Information Security fundamentals across multiple domains, including (but not limited to) security management, security architecture, application security, network security, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, laws, investigations, and ethics.
We will also be looking for demonstrable experience in a management role where you have led your teams toward success. We expect our staff to be driven, enthusiastic and keen to build on existing experience.
Manage a large and diverse portfolio of vendors for the firm
Evaluate and review third party vendor legal documentation and processes including MSAs, SOWs and RFP responses
Perform risk assessments on suppliers and identify control gaps
Negotiate remediation plans with suppliers
Maintain open communication channels with senior stakeholders through regular governance sessions, escalating appropriately as and when required.
Own the quality of all client outputs and ensure all client and internal document repositories are accurate and up to date
Operate as a federated subject matter expert across multiple engagements when required
Degree in Information Technology or related subject
Previous experience in professional roles involving information security and/or management
Knowledge of information risk and compliance principles. Broad understanding of security technology and related risk and compliance issues
Senior stakeholder relationship management
Excellent attention to detail and a passion for delivering high quality output for clients
Previous experience in coaching and developing junior members of staff up to a required standard.
Cyber Security related certifications including ISO27001 Lead Auditor, CISA, CISM, CIPP, CISSP
Strong understanding of information security controls & ISMS standards such as ISO27001/2, COBIT and NIST
Experience with SOC2 compliance standards
Ability to develop and manage structured third party risk identification, assessment, and treatment programs for large organisations
Ability to assess adherence to security controls using standard audit and assessment methodology (e.g. inquiry, inspection, observation)
Very strong customer facing verbal and written communication skills
Adept at translating technical IT security concepts into business terms
Ability to address risk utilising standardised and consistent methodology
Ability to identify and leverage relationships between data held in different applications to develop tools and reports that support the management of information security
Understanding of existing and upcoming legislative and regulatory requirements applicable to data protection and security.
We will provide you with:
An opportunity to work on a range of different programmes giving you variety and depth in your day to day work;
A fast paced, challenging environment with a clear career pathway;
The opportunity to work with industry leading clients across a range of industry sectors;
Dedicated technical and soft skills training to support your induction and ongoing career progression, with full access to PwC Professional frameworks;
The opportunity to undertake a relevant professional qualification; and
A people manager to support your ongoing development and progression.
Our Compliance Testing team is located in PwC’s Belfast office. Staff may be required to travel on occasion to various client locations and PwC UK offices for business meetings and training. We will, however, discuss and agree these requirements with you in advance of starting a project.