Job Description

Security Architect, Senior Associate

About the role:

Our vision for the PwC Network, fuelled by our Purpose, is to be the most trusted and relevant professional services business in the world - one that attracts the best talent and combines the most innovative technologies, to help organisations build trust and deliver sustained outcomes.


PwC's global cybersecurity strategy revolves around 4 key points: to identify, control, and reduce the attack surface across the member firm network, and increase our adversaries' cost of attack. Our mission protects 350,000 PwC members across 149 member firms worldwide, as well as our global clients.


If you are seeking an exciting career with the scope to grow your cyber security skills through major change on a global scale, the PwC Network Information Security team will empower you to do so.

Overview:

PwC have increased their commitment to becoming an organisation recognised for technology expertise, which has resulted in an acceleration of their use of disruptive, innovative and emerging technologies.


The Security Architecture team works closely with our innovation and technology teams across the business as an enabler to integrate security in their programmes of work by providing advice and guidance on technology being developed by PwC teams.


The team identifies new opportunities to improve the Firm and global Network's information security protection by designing and influencing the complex set of internal security services that reduce PwC's risk. The Security Architecture team provides the expertise to accelerate innovation and emerging technology to enable us to deliver maximum value to the PwC UK firm and our clients.

About the role & key responsibilities:

As a Security Architect within the UK CISO function, you will work primarily with internal stakeholders in a non-client facing role. You will be responsible for providing security architecture and technical expertise in support of the UK CISO's strategic goals and to enable the UK firm's technology enablement strategy. This will include:

Supporting business teams to design secure technology solutions aligned to the strategy of the global Network of PwC member firms. Engaging business and technology stakeholders at all levels of seniority and specialism to gather their goals and requirements Performing architecture design reviews and threat modelling to identify potential risks Putting forward controls and mitigations that ensure PwC UK's data and reputation are protected Contributing to reference architectures to promote security by design Helping to evolve security governance and procedures used by both PwC UK and the global Network of member firms Supporting Senior Architects and taking an active role in impactful security projects and initiatives across all technology domains, with a current focus on Cloud and AI Security Assessing any risks associated with new technologies or proposed changes in recommended architectures and design patterns, and advising on important security-related technologies Contributing to the delivery of technology transformation programmes and global security initiatives

An effective candidate will

possess

the following skills:

Strong communicator, comfortable working with business teams and technical audiences with a passion and interest in the cyber security arena Able to build relationships and collaborate with a range of UK and global stakeholders including global information security experts, emerging technology specialists and risk teams Problem-solver who can prioritise and identify problems and exercise sound judgement to escalate when appropriate Ability to adapt and learn new concepts quickly and advocate/champion the principles of security best practice Broad understanding of technology and how security is applied to technology in an enterprise setting Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance Ability to frame threats and exposures in a business context recognised by non-technical staff and executives High level understanding of PwC's business model, service offerings, and business operating environment as it pertains to the firm's threat landscape

Experience & Qualifications:

2-3 years in Information Security or adjacent roles (e.g., Security Engineering, Security Operations, Application Security) Foundational understanding of enterprise security concepts such as IAM, network security basics, encryption/key management, vulnerability management, application security, data security, etc Ability to read and produce basic architecture diagrams and write clear, concise security requirements Strong communicator, collaborative, curious and comfortable learning new technologies Cyber Security or Security Architecture certifications welcome from recognised institutions, e.g. ISC2, ISACA, CompTIA, SABSA, BCS, etc Exposure to at least one major cloud provider (Azure, AWS, GCP) and its core security services Domain landscape knowledge of governance and technical security principles * Experience participating in design or change reviews