Cybersecurity Associate - Risk Services

Line of Service

Assurance

Industry/Sector

TMT X-Sector

Specialism

Cybersecurity & Privacy

Management Level

Associate

Job Description & Summary

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 370,000 people in 149 countries. Across audit and assurance, tax and legal, deals and consulting we help clients build, accelerate and sustain momentum. Find out more at www.pwc.com.

Our Risk Services Practice provides an invaluable safeguard in today’s complex operating environment with insights and independent assurance. We work with clients to deliver business control to help them to protect and strengthen every aspect of their business from people to performance, systems to strategy, business plans to business resilience. We help clients manage, mitigate and control risks from potential cybersecurity breaches to possible breaks in the supply chain. We assess and prepare businesses by looking into their technology, finance, data analytics, regulatory requirements, data security and privacy, internal audit, and the third parties our clients rely on, to help clients deliver quality results and meet their strategic objectives.

Apply for our Cloud team where you will undergo training programme with PwC to acquire skillset in Cloud and Cybersecurity and having mentors to advice and support in the development of your career, training pathway and everyday working practices.

Roles & Responsibilities

We're looking for dynamic and motivated individuals to join our Risk Services - Cyber Technology Teams. As part of our dynamic team, you'll engage in a range of responsibilities, including but not limited to:

Cloud Security:

• Work on client engagements involving performing tasks such as Cloud and system security controls assessments, Cloud risk and resilience and Cloud regulation framework reviews, vulnerability assessments under the supervision of a Senior or Manager
• Assist team to provide advisory around cloud governance, framework, policies and processes
• Evaluate technical and business requirements and documentation on risk aspects
• Present recommendations and alternative approaches in respect of risk prevention, mitigation, and response to clients based on impact to infrastructure, as well as process design and build
  
  

Data Protection:

• Support assessments of clients’ data protection practices against local regulations (such as PDPA in Singapore) and international standards (e.g., GDPR, ISO 27701, ISO27001, NIST Cybersecurity and Privacy frameworks).
• Assist in performing gap analyses and compliance assessments, contributing to detailed reporting and actionable recommendations.
• Work closely with experienced consultants on client engagements involving risk management, governance frameworks, and regulatory compliance.
• Engage with various tools and technologies used in data security, privacy management, and risk assessment.
• Collaborate across multidisciplinary teams, assisting with the establishment and uplift of data and cybersecurity measures for our clients.
  
  

Cyber Simulation:

• Working with the team for the end-to-end conduct of cybersecurity exercises, including exercise planning, scenario development, and reporting.
• Conducting current state discovery to understand the client’s technology infrastructure, cyber resilience programmes, incident response plans, and scenario-specific playbooks.
• Designing exercise scenarios that are relevant to and aligned with the client’s specific environment and context.
• Engaging relevant business, operational, technical, and management teams in preparing for the cybersecurity exercise.
• Providing recommendations to the client on improvements to their existing setup and plans
• Developing the exercise report and providing observations and recommendations that are meaningful and relevant to the client’s context.
• Proactive support in business development activities such as bid management, proposal formulation, and client presentations, including adhering to internal risk management and compliance policies.
  
  

Security Governance

Standard & Strategy

• Support development of cyber security strategies for organizations.
• Deliver gap assessments and reviews against cybersecurity standards such as NIST and regulations such as CSA Cybersecurity Codes of Practice (CSA CCoP), ISO27001, CSA Cyber Trust Mark and others.
• Collaborate with client’s teams to gather necessary evidence and documentation.
• Evaluate the design and operating effectiveness of IT controls related to cybersecurity  etc.
• Identify potential risks, vulnerabilities, and areas for improvement within IT systems and processes.
• Support clients in their remediation activities to comply with the cybersecurity standards and regulations. The activities may encompass policy development, process design and training.
• Prepare clear and concise reports, including findings and recommendations for management.
  
  

Risk Assessment

• Work on client engagements involving performing tasks such as threat modelling, cybersecurity risk identification, risk analysis and risk evaluation under the supervision of a Senior Associate or Manager
• Assist team to conduct interviews and workshops with clients for gathering information required for assessment
• Strong capability to understand and assess technical controls and processes of systems
• Strong written and verbal communication skills; ability to translate technical risk to business impact
• Produce prioritized, risk-based recommendations and alternative approaches to prevent, mitigate and respond to identified cybersecurity risks
• Familiarity with threat models and frameworks such as STRIDE-LM, MITRE ATT&CK and NIST Cybersecurity Framework is preferred
  
  

Qualifications:

• Bachelor’s or Master’s degree in Information Technology, Computer Science, Computer Engineering, Cybersecurity, or related disciplines.
• Basic understanding of network, cryptography principles, and data loss prevention technologies.
• Familiarity with cloud security principles and tools (e.g., Microsoft 365, AWS, Azure).
• Awareness of database security, data anonymization, and cybersecurity frameworks.
• Strong analytical, problem-solving, and communication skills.
• Ability to work effectively in a team, showing initiative and a willingness to learn.
  
  

Advantageous to have:

• Knowledge of cybersecurity tactics, techniques, and procedures.
• Understanding of cyber incident response, digital forensics, and threat analysis frameworks like MITRE ATT&CK.
• Proficiency in cloud technologies, platform management, data security, and regulatory compliance frameworks.
• Certifications such as CISSP, GCFE, GREM, or equivalent are advantageous
  
  

We invite you to bring your distinct talents and perspectives to our team, where you'll have opportunities to make a meaningful impact and advance your career in cybersecurity and risk services. For more details, visit www.pwc.com.

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Cloud Administration, Cloud Engineering, Cloud Infrastructure, Cloud Infrastructure Architecture Design, Cloud Resource Management, Cloud Security, Cloud Security Auditing, Cloud Service Delivery, Cloud Service Level Risk Management, Communication, Cyber Engineering, Emotional Regulation, Empathy, Forensic Investigation, Incident Investigation, Inclusion, Information Security, Infrastructure as a Service (IaaS), Intellectual Curiosity, Optimism, Platform as a Service (PaaS), Risk Analysis {+ 14 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

Yes

Government Clearance Required?

No

Job Posting End Date