BISO Senior Manager, Network Information Security

Job Description

A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. Youll focus on being the forefrontof designing, developing, and implementing information technology including hardware, software, and networks that enhance security of internal information and protect our firms intellectual assets. Our team leads the information security strategy within PwC.The overall goals for the function include the identification, tracking and mitigation of risk, as well as offering in depth expertise to ensure credibility and confidence in the handling of client, firm, or employee data. We work closely with stakeholdersto understand their business objectives to enable us to have full visibility into potential information security risks across our estate. Joining this team, youll provide the customer centric perspective to enable PwC to deliver maximum value to the customer,the PwC Network of firms, and PwCs clients.Summary Description:Our vision for the PwC Network, fuelled by our Purpose, is to be the most trusted and relevant professional services business in the world - one that attracts the best talent and combines themost innovative technologies, to help organisations build trust and deliver sustained outcomes.Our global cybersecurity strategy revolves around 4 key points: to identify, control, and reduce the attack surface across the member firm network, and increaseour adversaries cost of attack. Our mission protects 223,000 PwC members across 157 member firms worldwide, as well as our global clients.Within the UK Business Information Security Officer (BISO) team we work closely with business stakeholders to understandtheir business model and roadmap for technology. Management of relationships with the business is key to delivering on our global cybersecurity strategy. Whether it be integrating solutions, driving operational processes or providing guidance back to globalteams to further enhance our strategy, the BISO team provides the engagement and builds stakeholder relationships to enable us to deliver maximum value to the customer, the PwC UK firm. If you are seeking an exciting career with the scope to grow your cybersecurity skills through business engagement, NIS will empower you to do so.Scope of Responsibility: The BISO role acts as the primary interface between business stakeholders and the global security organisation. This role is relied upon to ensure strategicalignment between lines of service and the firms security strategy, as well as ensuring ongoing information security policy compliance. Individuals selected for this role will need to gain and maintain a deep understanding of business teams strategy, maturity,operations, priorities and pressures, and ensure that appropriate security services are engaged at the appropriate times to drive successful business outcomes.The BISO role is primarily focused towards:Proactive and regular engagement with, and relationshipmanagement of, stakeholders across the area of responsibility.Providing a consistent and effective Information Security experience to LoS stakeholders.Harmonising Network & Territory security strategy with business objectives.Identification and managementof information security risk areas to tolerable levels.Responding to and effectively managing support for security incidents.Connecting business teams to NIS specialists, when required.The BISO is focussed on the needs of the business to ensure:Projects operatewithin the boundary of acceptable risk tolerance to the firm.That there is freedom and latitude to create, innovate and develop with minimal disruption or hindrance from security.Delivery of security services and technology which serves as a differentiatoras the business engages the market place.Support and guidance around security service interfaces and acting as a point of escalation.Management of security projects and security hygiene sprints.Defining and tracking metrics around key risk indicators and communicatingthese with business stakeholders.Strategic and Technical Orientation / Job Content: Individuals selected for this role are expected to have both extensive knowledge and managerial know-how related to the following aspects of the CISO pillar skills matrix:Experiencemanaging multi-function relationships;Understanding of security technology;Experience in a role balanced between business stakeholders and a central service organization;Navigating a multifaceted, matrix organization; andCollaborating with multiple stakeholdersacross functional and technical skill sets.Range of Impact:A 4E Level employee possesses deep understanding of information security business practices applied in the support of and integration with key business and strategic priorities. The candidate shouldpossess the ability to translate BISO strategy by leading and/or managing others and performing work with significant independence.Possesses a proven track record of success in managing efforts within business engagement and relationship management space.Buildingand maintaining complex programs while supervising staff to execute against overall strategy.Build and maintain relationships across the lines of service to effectively deliver security activities on behalf of the global security and technology teams.Identifiesand executes tasks aligned to cybersecurity strategy with autonomy.Requirements:Experience Level:Proven experience of progressive professional roles involving stakeholder management in an Information Security environment.Other Details:An effective BISO candidatewill also possess the following skills:Communication: Ability to leverage business communication skills to inform, persuade, and teach stakeholders across staff and leadership to enable effective information security activities and processes aligned to thefirms security strategy Analytical: Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.Technical: Broad understanding of technology and how security is applied to technology in an enterprise setting.Business:High level understanding of PwCs business model, service offerings, and business operating environment as it pertains to the firms threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.Domainlandscape: Knowledge of risk assurance and technical security principles.Travel Requirements and Special Circumstances(e.g., percentage of travel time, frequency of expected site visits, whether virtual work arrangements are possible, etc.)Percentage of traveltime:0-20%Not the role for you Did you know PwC offer flexible contract arrangements as well as contingent work (ie temporary or day rate contracting) The skills we look for in future employees All our people need to demonstrate