Overview
Our Risk Services Practice provides an invaluable safeguard in today’s complex operating environment with insights and independent assurance. We work with clients to deliver business control to help them protect and strengthen every aspect of their business — from people to performance, systems to strategy, business plans to business resilience. We help clients manage, mitigate and control risks from potential cybersecurity breaches to possible breaks in the supply chain. We assess and prepare businesses by looking into their technology, finance, data analytics, regulatory requirements, data security and privacy, internal audit, and the third parties our clients rely on, to help clients deliver quality results and meet their strategic objectives.
- Lead the end-to-end conduct of cybersecurity exercises including pre-sales, exercise planning, scenario development, and reporting.
- Conduct current state discovery to understand the client’s technology infrastructure, cyber resilience programmes, incident response plans, and scenario-specific playbooks.
- Design exercise scenarios that are relevant to, and aligned with, the client’s specific environment and context.
- Engage relevant business, operational, technical, and management teams in preparing for the exercise.
- Provide recommendations to the client on improvements to their existing setup and plans.
- Conduct the exercise and act as both the exercise facilitator as well as the technical advisor to the exercise scenarios.
- Conduct post-exercise debrief / after-action review workshops.
- Develop the exercise report and provide observations and recommendations that are meaningful and relevant to the client’s context.
- Present the exercise report to the relevant stakeholders and tailor the messages based on the audience.
- Lead and manage CII risk assessment engagements, including scoping, planning, execution, and reporting.
- Identify and assess cyber risks to Critical Information Infrastructure, including threats, vulnerabilities, and potential impact to essential services.
- Review and evaluate the adequacy and effectiveness of CII owners’ cybersecurity policies, processes, and technical controls against regulatory requirements and established frameworks.
- Conduct gap analyses of clients’ cybersecurity posture against the Cybersecurity Act 2018 (and its subsequent amendments), the CII Codes of Practice issued by the Cyber Security Agency of Singapore (CSA), and other applicable standards and guidelines for designated CII sectors.
- Develop risk treatment plans and provide actionable, prioritised recommendations to help CII owners strengthen their cyber resilience.
- Engage with CII owners’ management, operational technology (OT) teams, and IT teams to gather evidence, conduct interviews, and validate findings.
- Prepare comprehensive risk assessment reports and present findings and recommendations to senior stakeholders, regulators, and boards as required.
- Assist CII owners in meeting their statutory obligations under the Cybersecurity Act, including but not limited to CII risk assessments, audits, and incident reporting requirements as mandated by CSA.
- Stay current on evolving CII regulatory requirements, sector-specific threat landscapes, and emerging risks relevant to critical infrastructure in Singapore.
- Proactive support in business development activities such as bid management, proposal formulation, and client presentations, including adhering to internal risk management and compliance policies.
- Able to work on multiple, concurrent projects with tight timelines and competing resources across both workstreams.
- Able to manage a team of cybersecurity specialists to assist in the conduct and delivery of exercises and risk assessments.
- Build and maintain strong client relationships across both engagement types.
- Contribute to thought leadership, internal knowledge sharing, and methodology development for both cybersecurity exercises and CII risk assessments.
- Mentor and develop junior team members across both domains.
- 5–7 years of relevant experience in cybersecurity, with demonstrable exposure to at least two of the following areas: cybersecurity incident response, security operations centre (SOC), risk assessment, and/or critical infrastructure protection.
- Proven knowledge in the conduct of Table-top Exercises (TTX), Command Post Exercises (CPX), and Ground Deployment Exercises (GDX).
- Strong understanding of CII risk assessment methodologies and Singapore’s regulatory framework governing critical information infrastructure, including the Cybersecurity Act 2018, CII Codes of Practice, and guidelines issued by the Cyber Security Agency of Singapore (CSA).
- Good working knowledge of various cybersecurity Tactics, Techniques, and Procedures (TTPs) for different cyber threats.
- Understanding of cyber incident response and digital forensics investigation requirements.
- Familiarity with Operational Technology (OT) / Industrial Control Systems (ICS) environments and their unique cybersecurity challenges is a strong advantage.
- Familiar with Cyber Kill Chain Methodology, MITRE ATT&CK Framework, NIST Cybersecurity Framework (CSF).
- Demonstrated ability to communicate complex concepts clearly across different audiences and varying levels of the organisation.
- Excellent communication, presentation, and analytical skills.
- Excellent communication skills, especially related to exercise facilitation, documentation, and reporting.
- Demonstrates strong organisational skills with the ability to manage dual-reporting lines and competing priorities effectively.
- Proven track record of managing a team, and a good team player.
- Highly developed relationship management, influencing, and leadership skills.
- Self-starter with the ability to operate independently while collaborating effectively across two teams and Directors.
- Knowledge of technology systems, network and infrastructure, cybersecurity risks and related control frameworks and practices (COCO, COSO, ISO, ITIL, CMM, COBIT, NIST, SANS, etc.).
- Experience conducting risk assessments or audits in Singapore’s designated CII sectors (e.g., Energy, Water, Healthcare, Transport (Land, Maritime, Aviation), Telecommunications, Banking & Finance, Media, Security & Emergency Services, Government).
- Familiarity with IEC 62443, NIST SP 800-82, or other OT/ICS security standards.
- Experience with regulatory engagement or compliance assessments under Singapore’s Cybersecurity Act 2018, including familiarity with CSA’s CII audit and assessment frameworks and the 11 designated CII sectors in Singapore.
- Possess industry-related certifications such as CISSP, CISM, CRISC, GCFE, GREM, GCIA, GCIH, EnCE, GICSP.
At PwC, our purpose is to build trust in society and solve important problems. We are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com/sg. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity.
Job ID: 709151WD
About PwC Singapore
At PwC, our purpose is to build trust in society and solve important problems - this is at the core of everything we do from the value we provide to our clients and society to the decisions we make as a corporate.
Our services started with audit and assurance over a century ago. As times change and the issues faced by businesses and individuals evolve, we have developed specialised capabilities in tax, advisory and consulting to help you address emerging new challenges across focus areas like digital transformation, cyber security and privacy, data, sustainability, mergers and acquisitions, and more.
In Singapore, we have more than 3,500 partners and staff to help resolve complex issues and identify opportunities for public, private and government organisations to progress. As part of the PwC network of more than 284,000 people in 155 countries, we are among the leading professional services networks in the world focusing on helping organisations and individuals create the value they are looking for.
