SRC _ Cyber Strategy and Resilience_Senior Associate
PwC Acceleration Center India
India, Andhra Pradesh
Full-Time
On-site
Posted 3 hours ago
Apply by June 8, 2026
Job Description
At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively. In regulatory risk compliance at PwC, you will focus on confirming adherence to regulatory requirements and mitigating risks for clients. You will provide guidance on compliance strategies and help clients navigate complex regulatory landscapes.
5-8 Years
- Strong understanding of security strategy, program design, security assessments and deep technical controls.
- Lead portions of cybersecurity strategy, maturity, and framework assessments (e.g., NIST CSF, ISO 27001), including analyzing findings, validating evidence, and developing higher-level insights and recommendations.
- Drive current-state assessments, identify meaningful control or capability gaps, and help design strategic roadmaps, remediation plans, and transformation pathways aligned to client objectives.
- Lead current-state assessments, perform gap analyses, and develop roadmap plans with effort estimations. Experience applying these methods across at least two industry frameworks such as NIST CSF, NIST 800-53, CIS, FFIEC, ISO 27001 etc.
- Synthesize complex assessment findings into structured, client-ready deliverables: risks, observations, gap summaries, or strategic recommendations.
- Hands-on experience designing and implementing program frameworks—including defining program objectives, vision and mission statements, governance structures, target operating models, and first/second/third line of defense responsibilities.
- Proven experience creating, writing, reviewing, and maintaining cybersecurity standards, policies, and procedures.
- Conduct threat modeling using established frameworks (e.g., MITRE ATT&CK, STRIDE), identify potential attack paths or capability gaps, and incorporate insights into assessments, recommendations, and resilience planning.
- Ability to interpret and assess Enterprise Security Architecture, Infrastructure Configurations, SaaS, PaaS, APIs, Network designs, data flow maps, cloud architecture layouts, etc.
- Experience assisting with cloud security design, including reviewing baseline security, compliance, and configuration requirements across AWS, Azure, or GCP environments.
- Ability to assess cloud architectures from a security perspective, including evaluating current and target-state designs, identifying compliance and security requirements, and defining secure cloud migration strategies.
- In-depth understanding of IT cyber resilience architecture, business continuity (BCP), disaster recovery (ITDR), and relevant cybersecurity standards such as ISO 22301, NIST SP 800-61, DORA and other industry regulations.
- Experience with GenAI/LLMs to automate and enhance GRC processes.
- Experience implementing or evaluating AI governance and risk controls aligned with frameworks such as NIST AI RMF or ISO 42001, to guide AI system design, control definition, and responsible AI practices.
- Experience with developing AI tools/Agents to automate compliance reporting, policy updates, regulatory summaries, evidence collection, and control testing.
- Ability to design AI-powered chatbots for internal regulatory/controls guidance.
- Strong project management and stakeholder management skills, with the ability to independently manage workstreams, coordinate team activities, and maintain clear communication with clients to drive delivery.
- Ability to collaborate with cross-functional cybersecurity teams to capture, document, and operationalize cybersecurity processes.
- Experience in implementing effective and innovative technology solutions.
5-8 Years
- Experience with cyber defense technologies such as SIEM, SOAR, and EDR/XDR platforms.
- Familiarity with security operations, including vulnerability management, incident handling, cyber threat intelligence, and proactive threat hunting.
- Ability to track emerging digital business trends and evolving threats to ensure they are incorporated into security strategy and architecture.
- Understanding of secure software development practices (SSDLC) and the ability to integrate security controls throughout the SDLC.
- Experience performing application security assessments, including threat modeling, code reviews, and static/dynamic application security testing (SAST/DAST/SCA).
- Experience with application security tools such as Veracode, Fortify, Checkmarx, SonarQube, Burp Suite, or similar platforms is good to have.
- Proven capability to independently drive cybersecurity and GRC initiatives end-to-end, including assessment, remediation planning, stakeholder alignment, and execution.
- Demonstrated leadership skills and team management capabilities, including providing direction to team members and contributing to effective client management through proactive engagement and issue resolution.
- Proficiency with Microsoft 365 and Microsoft Office Suite (Word, Excel, Access, PowerPoint).
- Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
- Excellent written and verbal communication skills, with the ability to articulate complex concepts clearly and contribute effectively in team settings.
- Consistently communicates and drives objectives using fact-based decision-making that balances risk mitigation with business performance.
- MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems).
- Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC).
Required Skills
Communication
Program Design
Team Management
Client Management
Reporting
Leadership
Project Management
SDLC
Issue Resolution
Compliance
Facilitation
Regulatory Compliance
AWS
Control Testing
Stakeholder Management
SIEM
Cloud Security
Cyber Threat Intelligence
Word
PowerPoint
Cloud Architecture
Cloud Migration
Azure
Burp Suite
Fortify
Checkmarx
SonarQube
Veracode
XDR
EDR
Cybersecurity
Information Security
Testing
Microsoft Office
System Design
Microsoft Office suite
Information Technology
Data flow
Governance
Risk
Disaster recovery
NIST
Business Continuity
Information Science
PaaS
Risk mitigation
Internal controls
CISA
Threat Intelligence
Cloud Architectures
Analyses
Security Testing
Writing
Vulnerability management
Modeling
Defense
Remediation
DAST
SAST
Cyber
GRC
Presentation
Migration
Regulations
SCA
CSF
Target
ISO 27001
ISO 22301
Vulnerability
Static
Security Operations
Security strategy
Settings
Threat modeling
Recovery
Framework
Application security
Security Assessments
Security controls
Risk and compliance
Information Systems Security
Burp
GenAI
Software Development practices
STRIDE
LLMs
Articulate
Security Tools
Chatbots
Information Systems
ISO
Threat
Incident
Configuration
AI Tools
Verbal Communication
Good Presentation
Stakeholder alignment