Technology & Cyber Risk Manager

October 9, 2024

PWC Australia

Canberra

FULL TIME

Permanent
All Locations - Full Time - Hybrid - Manager

Our Enterprise Risk team plays a critical role in helping Pw C to identify and manage risks to achieve our Firm’s strategy and purpose. We deliver both the uplift required from Firmwide Risk itself, but also in Risk’s contribution to firm wide transformation, blending technical skills and strategy to advise our internal functions and teams with spectacular results. We are seeking an experienced Technology and Cyber Risk Manager to lead our efforts in safeguarding our digital assets where you will develop and implement strategies to manage technology and cyber risks, ensuring the security and resilience of our systems.

Use the know-how you've gained in areas such as Cyber Security, Technology, Data and Artificial Intelligence to grow our Enterprise Risk team. With new problems to solve, you’ll have plenty of opportunities to create change. We work from anywhere, so your strong communication skills and team leadership abilities will get a workout. As part of the Enterprise Risk team, you’ll make a real impact in a workplace that’s human-led and tech-enabled.

As an expert in Technology and Cyber Security you will be responsible for overseeing and enhancing our Tech and Cyber Risk Management function, ensuring that risks are identified, assessed, managed and mitigated effectively.
In our Enterprise Risk team, you’ll also:

Risk Assessment and Management:

Assist and monitor first line function in applying technology and cyber risk management tools in identifying, assessing, monitoring and controlling technology and cyber risks.
Provide independent oversight of technology and cyber risk management activities.
Continuously monitor and evaluate the effectiveness of risk mitigation measures.
Continuously monitor and review the firm's risk exposure to ensure alignment with the risk appetite and adapt to evolving threats and regulatory changes.

Technology and Security Governance

Oversee first line functions to establish and review the technology and cyber risk management policy, frameworks and procedures.
Evaluate and report on the existence and effectiveness of internal technology, cyber and data controls and present findings to senior management as required.
Assess the adequacy and effectiveness of the controls from a technology, cyber and data risk perspective while undertaking due diligence of new products/service propositions, incident handling and provide advice and recommendations on new technology solutions.

Data Security Governance

Assist the first line data governance team in developing and implementing data security governance frameworks, policies, procedures, controls and standards.
Collaborate with subject matter experts, first line data governance, cross functional teams, relevant business units and stakeholders to identify and assess potential risks and vulnerabilities in the firm’s data security.

Incident/Crisis Management including cyber crisis

Collaborate with first line functions and business continuity teams to ensure that Incident and Crisis response plans address potential cyber events (e.g. Ransomware, DDOS attacks, data breaches)
Assist the business continuity team and business functions in conducting post incident and crisis reviews to ensure the effectiveness of the response, document lessons learnt and monitor implementation for improvement of those plans.

Compliance and Regulatory Requirements:

Partner closely with the internal compliance team to ensure cybersecurity alignment with applicable compliance and regulatory requirements, and industry standards, including GDPR, ISO 27001, NIST Cybersecurity Framework, and PCI DSS.

Risk Culture Development:

Promote a strong risk-aware culture within the firm to foster understanding and adherence to risk management practices and cyber awareness across all levels.
Facilitate phishing simulations and other awareness activities in coordination with the first line functions.

Third-Party Risk Management:

Independent oversight of third-party risk management activities to ensure that first-line functions properly assess and mitigate risks associated with external vendors, supply-chain and service providers.
Ensure that third-party contracts include appropriate security clauses and service level agreements.

Documentation and Reporting:

Document risk findings, and recommendations in clear and concise reports.
Communicate results to senior management and relevant stakeholders, providing insights and recommendations for improvement.

Other Relevant Qualifications Required

Bachelor's degree in Computer Science, Information Technology or a related field.
Strong knowledge of cyber threats and trends, methodologies and industry best practices in conducting risk assessments, cybersecurity principles, technologies and controls.
Experience in data security and familiarity with AI, Gen AI technologies and concepts.
Strong communication and interpersonal skills, with the ability to communicate complex technology and cyber risk concepts to non-technical stakeholders.
Experience in technology and cybersecurity frameworks and standards, including but not limited to the NIST CSF Cybersecurity Framework, COBIT and ISO/IEC 27001.
Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.

It’s time to move forward. And upward.

You want to lead teams with impact and create meaningful change in a place with the flexibility and reward you need to make your life work away from the office.

We’ll give you a career-defining role that:

Is strong on growth and reward
Has competitive and transparent salary packages with the opportunity for yearly bonuses and promotions
Helps you learn and grow with our internal Academy, study support, and partnerships with Udemy and Coursera
Provides strong mentors, meaningful work and plenty of networking opportunities
Gives you the chance to explore, with overseas secondments and our Together Anywhere policy that lets you work up to 4 weeks from anywhere in Australia
Prioritises new families with 26 weeks of parental leave

We're an inclusive bunch, and we try to make life easier - for our clients, our teams and our communities. If you need reasonable adjustments when applying, just let us know.

Pat Castro is the Recruitment Manager for the role. As the team experiences high volumes of applications, we appreciate your patience to allow for a timely and fair process for all.

We regret to inform you that this job opportunity is no longer available