Cyber Governance, Risk & Compliance (GRC) – Senior Associate

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 370,000 people in 149 countries. Across audit and assurance, tax and legal, deals and consulting we help clients build, accelerate and sustain momentum. Find out more at www.pwc.com.

About the Team
 

PwC SEAC’s – Cybersecurity team’s vision is to create meaningful relationships with our clients by powering the next generation digital enterprise. Our Cybersecurity team helps our clients think more broadly about security and move boldly towards new possibilities. Our focus areas are Cyber Strategy, Risk & Transformation, Digital Identity & Access Management, Cyber Defense, and Cloud, Data & AI Security. Our Cyber Strategy, Risk & Transformation team supports client in enhancing governance capabilities and strengthening risk management. As a Senior Associate, you will contribute to the design, execution, and delivery of cyber GRC engagements across diverse industries, working closely with senior stakeholders to deliver practical, business-aligned outcomes.

About the role

• Develop and enhance cybersecurity governance materials, including policies, standards, procedures, control frameworks, and RACI models.
• Design and support the development of enterprise security strategies, cyber target operating models, and transformation roadmaps.
• Perform readiness assessments aligned to regulatory, industry, and client-specific requirements
• Execute risk management activities, including risk identification, scoring, control testing, development of KRIs/KPIs, and reporting enhancements.
• Support GRC technology enablement through requirements gathering, workflow mapping, control library development, and dashboard reporting using platforms.
• Facilitate workshops, interviews, and stakeholder discussions to gather insights, align requirements, and validate findings.
• Work collaboratively with cross-functional project teams to ensure seamless and timely delivery of engagement outcomes.
• Keep abreast of emerging regulations, cyber risks, technologies, and best practices to support continuous improvement of practice offerings.

About you

Required Skills & Experience

• 3–5 years of experience in cybersecurity governance, risk management, and compliance.
• Hands-on experience developing or reviewing cybersecurity policies, standards, procedures, and control frameworks.
• Experience conducting cyber maturity assessments, compliance reviews, or risk assessments.
• Hands-on experience with GRC tools (E.g. ServiceNow GRC, Archer, OneTrust).
• Comfortable in dynamic environments with evolving client needs.
• Familiarity with key frameworks and regulations including NIST CSF, ISO 27001, COBIT, MAS TRM, PDPA.
• Strong analytical, problem-solving, communication, and stakeholder engagement skills.
   

 

Education

• Bachelor’s degree in Computer Science, Information Systems, Information Technology, Engineering, or related field. Equivalent experience may be considered.
• Preferred Certifications: CRISC, CISM, CISSP

   

Soft Skills

• Strong facilitation and communication abilities.
• Ability to manage multiple priorities and deliver high-quality outputs under tight timelines.
• Adaptability, teamwork, and growth mindset.