Overview

This role sits within the CISO / Cyber Risk & Compliance function and focuses on managing internal cyber risk from a regulatory and GRC perspective. The role partners closely with the Network Information Security (NIS) teams and business stakeholders to assess cyber risks, evaluate control effectiveness, and support informed decision-making around residual risk.

You will act as a key bridge between regulatory expectations (e.g. MAS, CSA), global cyber controls, and local firm risk posture, helping leadership understand whether identified risks are acceptable and aligned with the firm’s risk appetite.

Key Responsibilities

Cyber Risk & Regulatory Oversight:

· Assess cyber risks and control effectiveness across the firm from a regulatory perspective, with primary focus on MAS, CSA, and other relevant regulatory frameworks.

· Conduct cyber risk assessments, including inherent and residual risk evaluation, aligned to regulatory expectations and industry best practices.

· Support regulatory readiness by interpreting regulatory requirements and mapping them to global and local cyber controls.

· Ability to lead and manage a team effectively. The ideal candidate should be proactive, dynamic, and self-driven, with the capability to handle challenging situations, prioritize tasks, manage and mitigate risks, and ensure timely closure.

· Work with senior stakeholders and technology teams to support compliance with the Information Security Policy by leveraging your cyber security knowledge and expertise.

Risk & Control Assessment:

· Review and challenge the design and operating effectiveness of controls, leveraging existing frameworks and global NIS standards.

· Work closely with NIS teams (local, regional, and global) to understand existing controls and identify gaps or areas of enhancement.

· Evaluate residual risk and engage with partners and senior stakeholders to have practical discussions around risk acceptance and risk treatment decisions.

Threat & Risk Landscape Analysis:

· Work with Global NIS to analyse the cyber threat landscape to identify emerging risks, trends, and potential impact to the firm.

· Translate technical cyber risks into business-relevant risk statements to support leadership decision-making.

· Maintain an understanding of cyber risk domains, including operational, regulatory, and technology-driven risks.

Cyber Controls & Technical Understanding:

· Demonstrate a strong understanding of cyber controls, including network-level controls, and how they reduce or mitigate risk.

· Partner with technical teams to understand control dependencies and limitations when assessing risk exposure.

· Provide guidance on control improvements aligned to regulatory expectations and firm-wide cyber strategy.

Stakeholder & Partner Engagement:

· Engage with partners and senior stakeholders to discuss risk posture, residual risk, and regulatory implications.

· Act as a trusted advisor who can confidently support risk-based conversations, balancing regulatory expectations with business realities.

· Collaborate across Lines of Service and global teams in a matrixed environment.

Essential Skills & Experience:

· Strong background in Cyber Risk, Regulatory Compliance, and GRC.

· Hands-on experience performing cyber risk assessments and control reviews.

· Familiarity with MAS, CSA, and related cybersecurity regulatory frameworks.

· Experience working with or alongside centralized security functions (e.g. NIS / CISO teams).

· Ability to assess, articulate, and challenge residual risk in a structured and pragmatic manner.

· Strong communication skills with the ability to engage both technical and non-technical stakeholders.

Education & Certifications

· Bachelor’s degree in Information Security, IT, Cybersecurity, or related discipline (or equivalent experience).

· CRISC certification strongly preferred.

· Additional certifications such as CISSP and CISA are advantageous.

Does this describe you? 

 

  • Analytical: Proactive, inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.  

  • Be able to navigate complex environments and find solutions to reduce security risk. Innovate, think outside of the box and build process efficiency to deliver service excellence. 

  • Business: High level understanding of PwC’s business model, service offerings, and business operating environment as it pertains to the firm’s threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.   

  • Domain landscape: Knowledge of information security risk and compliance principles   

  • Communication: Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms’ staff and leadership to enable effective information security activities and processes in line with the cyber readiness program   

Join us and be a part of a dynamic team that is dedicated to creating an engaging and effective learning environment for our diverse workforce. Your enthusiasm and contributions will support the success of our training initiatives and contribute to our company’s growth.  

At PwC, our purpose is to build trust in society and solve important problems. We are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com/sg. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity.

Job ID: 689533WD

About PwC Singapore

At PwC, our purpose is to build trust in society and solve important problems - this is at the core of everything we do from the value we provide to our clients and society to the decisions we make as a corporate.

Our services started with audit and assurance over a century ago. As times have changed and the issues faced by businesses and individuals have evolved, we have developed specialised capabilities in tax, advisory and consulting to help you address emerging new challenges across focus areas like digital transformation, cyber security and privacy, data, sustainability, mergers and acquisitions, and more.

In Singapore, we have more than 3,500 partners and staff to help resolve complex issues and identify opportunities for public, private and government organisations to progress. As part of the PwC network of more than 284,000 people in 155 countries, we are among the leading professional services networks in the world focusing on helping organisations and individuals create the value they are looking for.