Application Security Risk Manager

Toronto, ON (view on map)

Posted 1 month ago

Job Description

Line of Service

Internal Firm Services

Industry/Sector

Not Applicable

Specialism

IFS - Internal Firm Services - Other

Management Level

Manager

Job Description & Summary

A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You’ll focus on being the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protect our firms intellectual assets.

PwC is driving major change across information and cybersecurity by building a centralized model to provide security services across the entire member firm network. The Network Information Security (NIS) organization is tasked with designing, implementing and maintaining information security capabilities and services for PwC Network of member firms. The NIS Application Readiness team helps IT project teams with everything they need to keep PwC and client data secure—from complying with data protection standards to reducing the possibility of information breaches. We review applications against a set of security controls (ISP and Application Readiness Standard) to identify common information security risks, and then we recommend how to mitigate those risks.

Meaningful work you’ll be part of

As an Application Security Risk Manager, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. Responsibilities include but are not limited to:

• Work with Risk Reviewers to ensure tickets are being processed accurately and efficiently

• Work with Consultation Services Architects to identify gaps in compliance and determine inherent risk, mitigating factors, and residual risk

• Collaborate with other AppSec sub pillar teams to ensure relevant processes are completed as necessary and in good standing to support AR disposition

• Interface with customers to provide guidance relevant to AppSec requirements

• Escalate risks and other concerns to Application Readiness Regional Leads, BISOs, CISOs, and other relevant stakeholders

• Interface with a number of other NIS service providers, such as Policy, TPRM, Issues Management, Threat Management

• Provide disposition on ARR tickets and publish other deliverables (ARA report or Risk Statement) as applicable

Experiences and skills you’ll use to solve

• Customer service skills to create an exceptional customer experience

• Strong organizational and time management skills to support multiple concurrent reviews

• People leadership skills to provide oversight of Risk Reviewers, coaching and mentoring in an informal fashion

• Knowledge of the Information Security Policy, Application Readiness Standard, and applicable supporting Standards

• Understand the purpose of Application Readiness process

• Ability to assess whether a control is 'met' or 'not met' (black and white)

• Ability to navigate the gray when a control does not meet the letter of the control

• Ability to review documentation analytically, and assess control compliance based on information/documentation provided.

• Ability to evaluate complex data and determine whether data can be used to support the reviews being conducted

• Ability to pull facts and details related to controls from different types of documentation and diagrams submitted

• An understanding of when and how to escalate

• Good understanding of Application IT Security Standards, on-premise as well as cloud-based.

• Good understanding of risk management and experience with identifying and assessing potential information security risks.

• Good understanding and exposure to technical risk assessment along with vulnerability assessment and penetration testing.

• Strong communication skills and the ability to provide risk guidance, inform management about potential risk issues, and relay information about policy requirements effectively

• Proper Experience in coordination of issue tracking, Follow-Ups, communication skills in a global environment.

• CISSP / CISM /CISA / CCSK / CCSP / CRISC considered an asset

• A demonstrated commitment to valuing differences, developing and coaching diverse teams, and ensuring diverse perspectives are heard 

Why you’ll love PwC 
We’re inspiring and empowering our people to change the world. Powered by the latest technology, you’ll be a part of amazing teams helping public and private clients build trust and deliver sustained outcomes. This purpose-led work, and our continuous development environment, will take your career to the next level. We reward your impact, and support your wellbeing, through a competitive compensation package, inclusive benefits and flexibility programs that will help you thrive in work and life. Learn more about us at http://pwc.com/ca/whypwc 

Your Application to PwC 
We embrace new technology to deliver securely and differently for our candidates. To protect your personal information, apply at http://pwc.com/ca/careers and visit http://pwc.com/ca/applytopwc to learn more about what your recruitment experience could look like. 

Putting the safety of our people and clients first as we look to a hybrid future 
At this time, PwC does not require, but strongly encourages, full vaccination in order to access its offices. Some of our clients may require vaccination and other restrictions to be in place to access their premises. You may, therefore, be required to be vaccinated and comply with all other restrictions where applicable. At PwC, the future ways of work will be a hybrid of in-person and virtual, allowing choice and flexibility to explore new ways of working and collaborating, based on client, team and individual needs.

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date

At PwC Canada, our most valuable asset is our people and we grow stronger as we learn from one another. We’re committed to creating an equitable and inclusive community of solvers where everyone feels that they truly belong. We understand that experience comes in many forms and building trust in society and solving important problems is only possible if we reflect the mosaic of the society we live in.

We’re committed to providing accommodations throughout the application, interview, and employment process. If you require an accommodation to be at your best, please let us know during the application process.

To learn more about inclusion and diversity at PwC Canada: https://www.pwc.com/ca/en/about-us/diversity-inclusion.html. Be a part of The New Equation.

Chez PwC Canada, notre atout le plus précieux, c’est notre personnel. Et c’est en apprenant les uns des autres que nous devenons plus forts. Nous avons à cœur de créer une communauté équitable et inclusive de professionnels de la résolution de problèmes, dans laquelle chacun se sent vraiment à sa place. Nous savons que l’expérience peut prendre diverses formes et, pour nous, donner confiance au public et résoudre des problèmes importants n’est possible que si notre milieu de travail reflète la diversité de la société dans laquelle nous vivons.

Nous tenons à répondre à vos besoins tout au long du processus de demande d’emploi, d’entrevue et d’embauche. Si vous avez besoin de mesures d’adaptation pour être parfaitement à l’aise, faites-le-nous savoir à l’étape de la demande d’emploi.

Pour en savoir plus sur l’inclusion et la diversité chez PwC Canada: https://www.pwc.com/ca/fr/about-us/diversity-inclusion.html. Faites partie de La Nouvelle équation.