Information Security Risk Advisor

Overview and team description:
PwC's global cybersecurity strategy revolves around 4 key points: to identify, control, and reduce the attack surface across the member firm network, and increase our adversaries' cost of attack. Our mission protects 223,000+ PwC members across 157 member firms worldwide, as well as our global clients.
Within PwC's Global Network Information Security (NIS) team, the UK NIS Governance, Risk & Compliance (GRC) team acts as a trusted Risk Advisor to the UK business. By providing guidance on cybersecurity-related risks and ensuring alignment with PwC's global cybersecurity strategy, we help our UK stakeholders implement effective security measures to mitigate risks and protect the firm's interests.
We are hiring for an experienced Information Security Risk Advisor to join the team to continue building their cyber security career.
What does the role look like?
As an Information Security Risk Advisor, your role is to work on risk management activities to help identify and reduce the risks associated with technology used within the UK firm.

• Collaborate with key stakeholders to gather information on existing and emerging technologies, such as GenAI, and provide updates on progress and deliverables to your line manager and leadership.
  
• Identify and assess areas of risk and non-compliance, evaluating their impact and likelihood on the organisation (e.g. if a risk was exploited, what would be the financial or reputational impact).
  
• Organise and prioritise activities based on criticality and risk to the organisation, ensuring effective risk management.
  
• Act as a point of contact for business teams, addressing their Information Security concerns and providing guidance.
  
• Negotiate the remediation of identified risks within the UK firm.
  
• Create risk reports for management and senior stakeholders to facilitate decision-making.
  
• Support risk remediation activities; manage and track identified risks until closure.
  
• Take ownership of project tasks, ensuring their successful delivery.
  
• Monitor personal Key Performance Indicators (KPIs) and meet deadlines consistently.
  
• Actively participate in team activities, contributing to strategic projects, communications, process improvement, knowledge sharing, and fostering a positive work environment.
  

What do you need for this role?

• Previous proven experience in a similar Information Security or IT security role is essential.
  
• Formal certifications / qualifications in Information Security (CISM, CRISC, CompTIA Security+).
  
• Thrive on helping people with problem solving, stakeholder management/customer service outlook - working with business teams to achieve positive outcomes.
  
• Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
  
• Engaging communication skills to assist, inform, and build relationships with stakeholders in both the business and support teams, to enable effective Information Security activities and processes aligned to the firm's security strategy.
  
• Data manipulation and visualisation skills highly desirable (PowerBI, Alteryx, Excel).
  
• Time management skills, balancing working efficiently on your own and contributing as part of a wider team - prioritising and recognising when to escalate to management
  
• An interest in PwC's business model, service offerings, and business operating environment as it pertains to the firm's threat landscape.