Job Description

Line of Service Assurance
Industry/Sector TMT X-Sector
Specialism Cybersecurity & Privacy
Management Level Associate
& Summary At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We're a tech-forward, people-empowered network with more than 370,000 people in 149 countries. Across audit and assurance, tax and legal, deals and consulting we help clients build, accelerate and sustain momentum. Find out more at www.pwc.com.
Our Risk Services Practice provides an invaluable safeguard in today's complex operating environment with insights and independent assurance. We work with clients to deliver business control to help them to protect and strengthen every aspect of their business from people to performance, systems to strategy, business plans to business resilience. We help clients manage, mitigate and control risks from potential cybersecurity breaches to possible breaks in the supply chain. We assess and prepare businesses by looking into their technology, finance, data analytics, regulatory requirements, data security and privacy, internal audit, and the third parties our clients rely on, to help clients deliver quality results and meet their strategic objectives.
At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.
Your responsibilities:
As part of the firm's Risk Services - Technology Risk Services (TRS) team, you will experience a dynamic and fast-paced working environment. From financial institutions and potential start-ups to government agencies and multinational corporations across various industries, clients look to you to conceptualise, design, and execute cybersecurity-themed exercises ranging from single organisations to industry-wide and sectoral exercises involving multiple organisations.
As a Cyber Simulation Associate, you will be part of a dynamic team of risk management professionals with responsibilities in supporting the team in pre-sales and delivery of cybersecurity-themed exercises to our clients. Specific responsibilities include, but are not limited to:

• Working with the team for the end-to-end conduct of cybersecurity exercises, including exercise planning, scenario development, and reporting.
• Conducting current state discovery to understand the client's technology infrastructure, cyber resilience programmes, incident response plans, and scenario-specific playbooks.
• Designing exercise scenarios that are relevant to and aligned with the client's specific environment and context.
• Engaging relevant business, operational, technical, and management teams in preparing for the cybersecurity exercise.
• Providing recommendations to the client on improvements to their existing setup and plans.
• Playing a key role in supporting the team during the exercise day conduct.
• Involvement in post-exercise debrief/after-action review workshops.
• Developing the exercise report and providing observations and recommendations that are meaningful and relevant to the client's context.
• Presenting the exercise report and key observations to the relevant stakeholders, tailoring the messages based on the audience.
• Proactive support in business development activities such as bid management, proposal formulation, and client presentations, including adhering to internal risk management and compliance policies.

Required Skills:

• A degree in Computer Science, Computer Engineering, Information Technology, or a non-IT degree with a focus on cybersecurity from reputable local or international universities.
• A keen interest in helping clients simulate cyber crisis scenarios through the conduct of Table-top Exercises (TTX), Command Post Exercises (CPX), and Ground Deployment Exercises (GDX).
• Understanding of various cybersecurity Tactics, Techniques, and Procedures (TTPs) for different cyber threat actors.
• Knowledge of cyber incident response and digital forensic investigation requirements.
• Familiarity with the Cyber Kill Chain Methodology, MITRE ATT&CK Framework, and NIST Cybersecurity Framework (CSF).
• A good team player.
• Excellent communication, presentation, analytical, and organisational skills.
• Ability to work on multiple concurrent projects with tight timelines and competing resources.

Advantageous to have:

• Knowledge of technology systems, network and infrastructure, cybersecurity risks, and related control frameworks and practices (COCO, COSO, ISO, ITIL, CMM, COBIT, NIST, SANS, etc.).
• Possession of certifications such as CISSP, GCFE, GREM, GCIA, GCIH, EnCE.

We invite you to bring your unique talents and perspectives to our team, where you will have the opportunity to make a meaningful impact and grow your career in cybersecurity.
Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required:
Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified)
Required Skills
Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more}
Desired Languages (If blank, desired languages not specified)
Travel Requirements 0%
Available for Work Visa Sponsorship? No
Government Clearance Required? No
Job Posting End Date

Skills Required