PwC Cybersecurity & Privacy - Senior Associate in San Francisco, California

PwC/LOS Overview

PwC is a network of firms committed to delivering quality in assurance, tax and advisory services.

We help resolve complex issues for our clients and identify opportunities. Learn more about us at

At PwC, we develop leaders at all levels. The distinctive leadership framework we call the PwC Professional provides our people with a road map to grow their skills and build their careers. Our approach to ongoing development shapes employees into leaders, no matter the role or job title.

Are you ready to build a career in a rapidly changing world? Developing as a PwC Professional means that you will be ready to create and capture opportunities to advance your career and fulfill your potential. To learn more, visit us at

What will you do if you work in Assurance at PwC?

You'll ask questions and test assumptions. You'll help determine if companies are reporting information that investors and others can rely on. You'll help businesses solve complex issues faced by management and boards. You'll serve the public interest and the capital markets by conducting quality audits. Visit for more information on PwC's Assurance practice.

The world is quickly changing; that's why PwC is quickly adapting. We're capitalizing on trends that will impact corporate reporting.

Our focus is on globalization, technology, sustainability and environmental reporting, population shifts and regulation. We combine skills and experience to help our clients address their challenges.

Job Description

Boards of Directors and executive management recognize the ever-increasing importance of effective risk management efforts in meeting their organization's strategic objectives.

PwC's Risk Assurance practice has developed a holistic approach to risk that protects businesses, facilitates strategic decision making and enhances efficiency. Our holistic approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience our Risk Assurance professionals possess.

The end result is a risk solution that is tailored to meet the unique needs of a company.

Areas where our Risk Assurance practice can bring value to an organization include:

  • Leveraging industry and technical expertise to help management address risks associated with their business more effectively

  • Assisting management in the assessment of project risks and controls

  • Enhancing internal audit functions to further align to company strategy and risk

  • Reducing company costs through strategic internal audit outsourcing and co-sourcing solutions

  • Increasing value and reducing costs of compliance-related activities

  • Identifying opportunities for companies to effectively mitigate risk and improve business performance

  • Applying the concepts of Enterprise Risk Management to help companies identify, assess, mitigate and proactively consider emerging risks

The Cybersecurity, Privacy and IT Risk team is part of Risk Assurance. Our team of professionals helps clients develop a vision for their cybersecurity and privacy program, design and build a sustainable and agile program, operate aspects of the program and provide an independent review and assurance of their program to management or third-party stakeholders.

The velocity and density of information in digital business has significant business benefits due to the insights it creates. However, it exposes new risks on how to protect this data and new privacy challenges to guide its appropriate use. Digital business requires a new view on security and privacy, one that is driven by the level of risk appetite and enablement of business and technology strategy.

Our Key Services are:

  • Strategy, Governance and Management: Prioritize investments, allocate resources, and align security and privacy capabilities with the strategic imperatives and initiatives of the organization;

  • Security Architecture and Services: Create sustainable security solutions to provide foundational capabilities and operational discipline;

  • Emerging Technologies and Market Trends: Assess the opportunities and security and privacy related risks of new technology adoption and dynamically changing business models;

  • Threat, Intelligence and Vulnerability Management: Anticipate changes in the risk landscape through situational awareness of the internal and external factors impacting the business ecosystem;

  • Risk and Compliance Management: Efficiently and effectively identify, evaluate and manage risk to the business while addressing the evolving regulatory requirements;

  • Information and Privacy Protection: Identify, prioritize, and protect sensitive or high value business assets;

  • Attest and Assure: Using non-financial-statement reports, including SSAE 16, agreed-upon procedures and customized attestations, deliver confidence in a company's or organization's policies, controls, processes and security;

  • Identity and Access Management: Provide integrated and secure processes, services, and infrastructure to enable appropriate controls over access to critical systems and assets;

  • Incident and Crisis Management: Plan, detect, investigate, and react timely and thoroughly to security incidents, breaches and compromises.

Position/Program Requirements

Minimum Year(s) of Experience: 2 years of experience in IT Risk Management including experience in Cybersecurity & Privacy.

Minimum Degree Required: Bachelor's degree in Accounting, Finance/Economics, Management Information Systems, Computer Science, Business Administration, Statistics, Mathematics, Regulatory Compliance, Science, Technology, Engineering & Mathematics and/or other business fields of study.

Certification(s) Preferred: Obtained or demonstrates an active pursuit of one or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other related certifications.

Knowledge Preferred:

Demonstrates considerable knowledge in a role that emphasizes technical knowledge of one or more of the following areas: Cybersecurity and/or Privacy, IT Audit, IT Risk/Compliance Management.

Demonstrates considerable technical and operational cybersecurity, privacy and/or IT Risk knowledge, and/or standard industry practices relating to these areas, in order to assist clients with assessing their posture and improving their program. Thorough knowledge of emerging technologies, such as cloud, Internet of Things (IoT) and advanced analytics, is advantageous.

Demonstrates considerable knowledge of common cybersecurity, privacy or technology industry standards/regulations (ISO 27001/27002, NIST 800 series, COBIT, PCI-DSS, ITIL, HIPAA / HITECH, EU Safe Harbor, CAN-SPAM), especially as they relate to building a program and/or managing internal controls, risk assessments, business process and internal IT control testing or operational auditing.

Demonstrates considerable knowledge and/or exposure to the common issues facing clients who provide products and services in several sectors that include, but are not limited to Financial Services, Manufacturing, Retail, Media and Entertainment, and Energy.

-Aspires to have a broad career in cybersecurity, privacy and/or IT risk

Proven experience as a consultant, auditor or analyst in a professional services firm or large enterprise, which includes:

-Interfacing with clients on control solutions;

-Leading the planning and execution of projects in the following areas: cybersecurity, privacy, risk management, compliance, IT audit, and / or IT risk management.

Skills Preferred:

Demonstrates proven thorough abilities and success with leveraging creative thinking and problem solving skills, individual initiative, and utilizing MS Office (Word, Excel, Access, PowerPoint), where necessary, in conjunction with the following areas:

-Communicating in an organized and knowledgeable manner in written and verbal formats including delivering clear requests for information and communicating potential conflicts;

-Demonstrating aptitude for conducting quantitative and qualitative analyses of large and complex data;

-Creates high quality deliverables using appropriate business and technical language;

-Collaborates with clients, identifying and addressing client needs through building solid relationships with clients; understanding the client's business; delivering clear requests for information.

Demonstrates flexibility in prioritizing and completing tasks; and communicating potential conflicts to a supervisor.

As a team member, creates or contributes to a positive working environment through building solid relationships with team members by understanding personal and team roles, proactively seeking guidance, clarification and feedback; and providing guidance, clarification and feedback to less-experienced staff.