Information Security Risk & Government Manager

As a Manager in our Office of the CISO, your role is to drive risk management and reduction activities

to help identify and reduce the risks related to information security associated with technology used

within the firm. Within this role there are specific responsibilities that help ensure PwC complies with the

requirements of clients in our Government & Health Industries (G&HI) space:

• Support the creation of a comprehensive information security risk management framework and the implementation of mitigation strategies by collaborating with leadership and stakeholders to ensure enterprise-level risk visibility and strategic alignment.
• Collaborate with senior stakeholders for insights on existing and emerging technologies like GenAI, offering strategic updates and impact assessments for informed decision-making.
• Conduct regular risk assessments to continuously monitor risks, security threats, and vulnerabilities, ensuring the effectiveness of controls.
• Lead initiatives to ensure consistent security practices across G&HI projects.
• Facilities Security Controller and our practice partners and staff with regards to ensuring compliance with contractual requirements within the G&HI sector.
• Provide recommendations and guidance covering the use of PwC IT systems and client data handling, ensuring security considerations are addressed, particularly where the use of offshore delivery models.
• Ensure compliance with technology requirements including PwC systems, laptops.
• Report and investigate security breaches, maintaining records and communicating with relevant G&HI leadership.
• Govern evaluations and assessments of information security risks and non-compliance, determining their potential impact and likelihood on the organisation.
• Respond pragmatically to challenging situations and lead risk remediation efforts to negotiate and balance risk with business imperatives, particularly within the UK firm.
• Build and manage relationships across a global network, effectively handling a matrixed organisation.
• Take ownership of team deliverables to ensure timely, quality-driven, and strategically valuable outcomes for the organisation.
• Participate actively in team activities, contributing to strategic projects, communications, process improvements, knowledge sharing, and fostering a positive work environment.

Do you have experience in Time management?, * Strong communication and influencing skills to assist, inform, and build relationships with stakeholders in both the business and support teams, to enable effective information security

• Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
• Excellent time management skills, balancing working efficiently on your own and contributing as part of a wider team - prioritising and recognising when to escalate to management.

Experience & Qualifications:

• Previous proven management experience in an information security risk management role.
• Formal certifications / qualifications in Information Security (CISSP, CISM, CRISC, CompTIA
• Security+).
• Extensive knowledge of risk assurance frameworks essential, such as ISO 31000; NIST CSF;
• ISO 27001
• Knowledge of technical security principles highly desirable
• Broad understanding of technology and how security is applied to technology in a large
• enterprise setting
• Experience at an enterprise, global company or big four firm is desirable
• Strong data manipulation and visualisation skills (PowerBI, Alteryx, Excel).

PwC provides services to 420 out of 500 Fortune 500 companies. The firm was formed in 1998 by a merger between Coopers & Lybrand and Price Waterhouse.