Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Associate

Job Description & Summary

What we do:
PwC SEAC's Technology Consulting's vision is to create meaningful relationships with our clients by powering the next generation digital enterprise.
Our Cybersecurity team helps our clients think more broadly about security and move boldly towards new possibilities. We offer our clients an end-to-end portfolio of services across four stages: assess, build, manage and respond.
Focus areas:
Cyber Risk Strategy | Digital Identity & Access Management | Data Privacy & Protection| Cyber Defence & SOC Optimization

Privacy assessment and remediation

Responsibilities

• Design and build sustainable and agile programs, including its operational aspects
• Design and work on Cybersecurity framework based on business objectives and strategic imperatives of the client organization including goals, vision, mission, and operational plans
• Designing and implementing data protection and privacy programs for our clients and supporting their business
• Evaluating the data protection and privacy practices of our clients and Conducting Privacy Impact Assessments
• Assist in development of workflows for transitioning strategic plans into implementation plans and operational readiness
• Facilitate strategic planning initiatives, documentation, technical roadmaps and security tool rationalization
• Assist in designing the security organization structure including cyber defense.
• Develop security policies, procedures, standards based on the security strategy and roadmap
• Review of cyber security policies and processes to identify gaps in design of control based on comprehensive assessment framework Maintain continuous communication with key stakeholders in support of the security strategy, and plan and solicit feedbacks, to uplift the programs and capabilities
• Conduct security process implementation reviews to assess security effectiveness and reporting
• Conduct Current State Assessment of cyber security practices against the defined controls and provide recommendations for to-be state
• Run cyber security diagnostic assessments and develop programs for Cybersecurity skill development and enhancement
• Implement security controls for realization of the certification requirements and provide technology roadmap based on the security strategy
• Assisting in delivering privacy projects to acting as a subject matter expert on them or to leading a team towards excellent client experience.
• Supporting and guiding our clients in adhering to the complex web of relevant national and international regulations (e.g. EU General Data Protection Regulation).
• Deploying processes and tools to help detect and prevent privacy breaches.
• Ensuring a harmonized approach towards data protection and privacy by bringing together our client's stakeholders (e.g. legal, compliance, risk, HR, security, business functions).
• Assisting clients in privacy related incident response activities.
• Supporting the client's team by acting as an interim team member (e.g. data protection officer, security officer, security manager, security analyst)
• Proactively identifying and pursuing opportunities for further business and team growth

Pentest

Responsibilities

• Perform technical security assessments, such as penetration testing, source code review, and security system configuration testing on various cyber assets, such as websites, mobile application, networks and IoT
• Articulate and present security vulnerabilities clearly in both written and verbal reports to clients.
• Develop tools or scripts as necessary to create proof-of-concepts in challenging engagements.
• Conduct security research to discover critical hidden vulnerabilities and interpret results from common security tools.
• Complete client engagements effectively and efficiently.

Requirements:

• 0-2 years of experience in cyber-security
• Bachelor's degree in Computer Science, Information Systems, or equivalent education or work experience
• Keen to acquire relevant qualifications such as CIPM, CIPT, CIPP/E, CISM, CISSP, and/or HCISSP, as well as involvement in industry related organizations (e.g. IAPP, ISACA, (ISC)²) or relevant certifications
• Knowledge and experience with relevant data protection and privacy laws and regulations (e.g. PDPA, EU GDPR, and Privacy Shield) and industry standards and frameworks, such as GAPP and BCR.
• Have knowledge of industry standard classification schemes, such as NIST, ISO27000, and PCI DSS.
• Be able to conduct and simulate manual penetration tests.
• Be able to code at least in one scripting language such as SQL, C ++, JavaScript, Ruby, or Python.
• Strong interpersonal and stakeholder management skills with ability to coordinate between technical and business teams.
• Excellent verbal, written communication both in Thai and English
• Excellent interpersonal skills with stakeholders at all levels.
• Ability to efficiently understand client organizations and their business model and to tailor relevant processes to privacy requirements.
• An analytical mindset, and demonstrated ability to work in a result-oriented environment

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Degrees/Field of Study preferred: Bachelor Degree - Engineering, Bachelor Degree - Information Technology, Bachelor Degree - Computer and Information Science

Certifications (if blank, certifications not specified)

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date