Cybersecurity-Strategy Risk & Compliance-Manager

A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges

You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities

You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe



Our Regulatory Compliance team focuses on helping our clients understand their regulatory landscape on a domestic and global scale

Youll work with our clients aligning a number of different cyber, privacy and industry frameworks and requirements to their business

This includes, but is not limited to NIST CSF, ITIL, HIPAA, PCI, FDA, FERC/NERC, OCC, FFIEC, ABAC, Cyber Executive Orders, etc

Our team designs, implements, and maintains an effective compliance program that helps our clients manage the risks against regulatory compliance obligations, as well as control framework commitments to their Board/stakeholders



Our team also works with regulatory examiners, investigators, and industry leaders to continue to stay ahead of upcoming regulatory changes or enforcements

We help inform our clients on controls or requirements that require enhancements, and help with the compliance change management components driving new technical and business requirements out to their end users

You will be part of a team that not only assesses organizational compliance, but helps clients to strategically think through the best way to manage in a cost-effective, yet defensible manner

• Pursue opportunities to develop existing and new skills outside of comfort zone
  
  
• Act to resolve issues which prevent effective team working, even during times of change and uncertainty
  
  
• Coach others and encourage them to take ownership of their development
  
  
• Analyse complex ideas or proposals and build a range of meaningful recommendations
  
  
• Use multiple sources of information including broader stakeholder views to develop solutions and recommendations
  
  
• Address sub-standard work or work that does not meet firms/clients expectations
  
  
• Develop a perspective on key global trends, including globalisation, and how they impact the firm and our clients
  
  
• Manage a variety of viewpoints to build consensus and create positive outcomes for all parties
  
  
• Focus on building trusted relationships
  
  
• Uphold the firms code of ethics and business conduct
  
  

• Manage cybersecurity program scope and prioritize opportunities to enhance the security posture
  
  
• Ensure a coherent and cross-functional team integration and enterprise-level collaboration is in place
  
  
• Benefits are clearly defined and agreed upon with key stakeholders and then mapped to projects and associated milestones
  
  
• Identify enterprise trends, synergies, and opportunities for improvement in Cybersecurity risk management
  
  
• Develop Cybersecurity governance, risk management, compliance framework, policies, and standards
  
  
• Design and implement target state operating model for Cybersecurity function and building the capability, process maps, interaction model, and roles/responsibilities
  
  
• Support the implementation of the Cybersecurity strategy and roadmap
  
  
• Develop Third-party Cybersecurity Risk Management capability, process maps, and interaction model (including but not limited to performing security due diligence at onboarding/offboarding, including security requirements while contracting & conducting ongoing third-party security risk assessments using a risk-based approach)
  
  
• Work with third parties to prioritize & mitigate identified risks
  
  
• Manage security requirements within third parties, support the audit and regulatory requirements & ensure the findings are remediated
  
  

• Demonstrable ability in the following areas is required for this position
• Technical designations such as CISSP, CRISC, CISA preferred
  
  
• A firm understanding of cyber security frameworks such as those published by leading organizations (e
  
  g
  
  NIST, SANS, ISO etc
  
  )
  
  Ability to translate framework to practical advice to clients
  
  
• Good mix of business and technical capabilities, and the ability to communicate on current cyber risk issues to senior executives within the context of their business
  
  
• Being able to design and deliver cyber security strategies, operating models, assessments and reports to meet Canadian, US and global regulatory requirements
  
  
• Leadership qualities when working in a team and the ability to be recognized as the subject matter expert on cyber risk when our client requires
  
  
• Ability to identify cyber risk management opportunities with clients and propose solutions that meet the client s needs
  
  
• Clear and articulate written and verbal communication skills
  
  
• Presentation and report writing skills
  
  
• Ability to develop and manage mid-level relationships
  
  
• The ability to work on a number of projects, meet deadlines and manage stakeholder expectations
  
  
• The successful candidate requires fluency in English, in addition to French as they will be required to support or collaborate with English-speaking clients, colleagues and/or stakeholders during the course of their employment with PwC Canada