Line of Service

Advisory

Industry/Sector

FS X-Sector

Specialism

Risk

Management Level

Associate

Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively.

Why PWC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.

Job Description & Summary

We are seeking a skilled and experienced Cybersecurity Governance & Risk Manager to lead and execute key cybersecurity governance, risk management, and compliance activities. This role will be responsible for managing cyber risk scoring, third-party risk assessments, policy and SOP reviews, and ensuring compliance with various regulatory frameworks including ISO 27001, PCI DSS, and ISO 27701 (PIMS). The ideal candidate will have hands-on experience in cybersecurity governance, audit coordination, and GRC tool operations.

Responsibilities:

1. Security Governance

Cyber Risk Score Management

Evaluate and publish monthly cybersecurity risk scores based on defined KPIs.

Revise KPI weightage and identify new KPIs in consultation with leadership.

Collect and validate KPI data and artefacts.

Publish dashboards and derive actionable insights for management.

Security Policy Tools & Technology Governance

Review 30 critical security tools for policy alignment and compliance.

Conduct periodic reviews and present findings to GRC leads.

SOP Review & Management

Review and update 25 SOPs for accuracy and compliance.

Collaborate with SMEs to improve SOPs and maintain a centralized repository.

---

2. Risk Governance & Management

Third Party Risk Management (TPRM)

Classify vendors and conduct quarterly on-site assessments for vendors.

Publish assessment reports and follow up on open observations.

Maintain vendor and audit master data.

Enhance audit checklists and collaborate across functions.

Identify automation opportunities and conduct quarterly training sessions.

---

3. Compliance Services

GRC Tool Operations

Create and manage controls for multiple standards (ISO, PCI DSS, UIDAI, RBI, etc.).

Configure assessments and manage respondent roles.

Provide training and support for tool users.

Track issues, remediation, and enhancements.

Drive ICFR self-assessments and regulatory compliance reporting.

ISO 27001 & PCI DSS Maintenance

Manage ISMS framework and certification upkeep across locations.

Conduct bi-annual internal audits and support external audits.

Perform MRM meetings, InfoSec trainings, and annual risk assessments.

Conduct PCI DSS retail assessments using GRC tools.

Privacy Information Management System (PIMS)

Manage ISO 27701 certification and framework.

Conduct internal and external audits, track remediation efforts.

Update documentation and conduct annual MRMs and risk assessments.

Lead training and awareness programs.

Requirements

2–5 years of experience in cybersecurity governance, risk management, and compliance.

Strong understanding of GRC tools and frameworks.

Experience with ISO 27001, PCI DSS, and privacy regulations.

Excellent communication and stakeholder management skills.

Ability to travel PAN India for on-site assessments and audits.

Certifications such as CISA, CISM, ISO 27001 LA are highly preferred.

Mandatory Skill Sets:

Cybersecurity

Preferred Skill Sets

Cyber Audits, Assessment

Years of Experience Required:

2+ Years

Education Qualification:

Any Graduate

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor Degree

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Cybersecurity

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship?

Government Clearance Required?

Job Posting End Date