Managed Services - Cybersecurity Risk & Controls Assessor - Associate - Operate

PwC Acceleration Centers in India seeks a Cybersecurity Risk & Controls Assessor Associate. The role involves protecting organizations from cyber threats, managing security incidents, and analyzing vulnerabilities. Candidates should have 1-3 years in IT audit or cybersecurity compliance, familiarity with control frameworks, and strong analytical skills. The position emphasizes teamwork, adaptability, and continuous learning within a fast-paced environment.
At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In cybersecurity incident management at PwC, you will focus on effectively responding to, and mitigating, cyber threats, maintaining the security of client systems and data. You will be responsible for identifying, analysing, and resolving security incidents to minimise potential damage and protect against future attacks.

Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities.

Skills

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:
• Apply a learning mindset and take ownership for your own development.
• Appreciate diverse perspectives, needs, and feelings of others.
• Adopt habits to sustain high performance and develop your potential.
• Actively listen, ask questions to check understanding, and clearly express ideas.
• Seek, reflect, act on, and give feedback.
• Gather information from a range of sources to analyse facts and discern patterns.
• Commit to understanding how the business works and building commercial awareness.
• Learn and apply professional and technical standards (e.g. refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements.

Associate Qualifications

Cybersecurity Risk & Controls Assessor Job Description
• 1–3 years of experience in IT audit, IT risk assessment, or cybersecurity compliance.
• Experience supporting internal or external audits.
• Familiarity with common control frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, COBIT, or HIPAA.
• Ability to understand and evaluate technical environments (e.g., IAM, cloud platforms, network security).
• Strong organizational and analytical skills; ability to work independently and within teams.
• Strong written and verbal communication skills, particularly around documentation of controls and findings.
• High attention to detail and ability to manage multiple concurrent assessments.
• Exposure to IAM systems, cloud security, or endpoint protection technologies.
• Familiarity with GRC tools (e.g., ServiceNow GRC, RSA Archer).
• Working knowledge of IT general controls (ITGCs), risk assessment methods, and compliance reporting.
• Professional certifications preferred (e.g., CISA, CRISC, Security+, or ISO 27001 Lead Implementer).

Senior Associate Qualifications
• 4-6 years of experience in IT audit, IT risk assessment, or cybersecurity compliance
• Experience supporting internal or external audits.
• Familiarity with common control frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, COBIT, or HIPAA.
• Ability to understand and evaluate technical environments (e.g., IAM, cloud platforms, network security).
• Strong organizational and analytical skills; ability to work independently and within teams.
• Strong written and verbal communication skills, particularly around documentation of controls and findings.
• High attention to detail and ability to manage multiple concurrent assessments.
• Exposure to IAM systems, cloud security, or endpoint protection technologies.
• Familiarity with GRC tools (e.g., ServiceNow GRC, RSA Archer).
• Working knowledge of IT general controls (ITGCs), risk assessment methods, and compliance reporting.
• Professional certifications preferred (e.g., CISA, CRISC, Security+, or ISO 27001 Lead Implementer).

Key Responsibilities
• Assist in the execution of IT and cybersecurity control assessments based on regulatory, industry, and internal frameworks (e.g., NIST 800-53, ISO 27001, SOC 2).
• Collect and review evidence from system owners and control operators to support control testing and validation.
• Perform control testing and document results in line with internal assessment methodology.
• Collaborate with SMEs and business teams to understand technical implementations and control applicability.
• Identify control gaps, exceptions, or risk themes, and support remediation tracking.
• Support reporting of findings, risks, and recommendations to management and risk stakeholders.
• Maintain documentation for audit trails and ensure compliance with assessment timelines and procedures.
• Assist in the continuous improvement of assessment procedures and templates.
• Leverage tools such as ServiceNow, Archer, or custom GRC platforms for evidence tracking, issue logging, and reporting.