Technology – Risk Services – Cybersecurity Exercise Associate

As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively.

Your responsibilities:  

You will be a part of the firm’s Risk Services – Technology Risk Services (TRS) team, where you will experience a dynamic and fast-paced working environment. From financial institutions, potential start-ups, government agencies to multinational corporations in a range of different industries, clients look to you to conceptualise, design and execute cybersecurity themed exercises ranging from single organisations to industry-wide & sectorial exercises involving many different organisations.  

As a Cybersecurity Exercise Associate, you will be part of a dynamic team of risk management professionals with responsibilities in supporting the team with pre-sales and delivery of cybersecurity themed exercises to our clients. Specific responsibilities include, but not limited to: 

• Work with the team for end-to-end conduct of cybersecurity exercises including exercise planning, scenario development, and reporting. 

• Conduct current state discovery to understand the client’s technology infrastructure, cyber resilience programs, incident response plans and scenario specific playbooks. 

• Design exercise scenarios that are relevant to, and aligned with, the client’s specific environment and context. 

• Engage relevant business, operational, technical and management teams in preparing for the cybersecurity exercise. 

• Provide recommendations to the client on improvements to their existing setup and plans. 

• Play the role as a key member supporting the team during exercise day conduct. 

• Involved in the conduct of post exercise debrief / after-action review workshops. 

• Develop the exercise report and provide observations and recommendations that are meaningful and relevant to the client’s context. 

• Present the exercise report and key observations to the relevant stakeholders and tailor the messages based on the audience. 

• Proactive support in business development activities such as bid management, proposal formulation and client presentations including adhering to internal risk management and compliance policies. 

Required Skills: 

• A degree in Computer Science, Computer Engineering, Information Technology, or a non-IT degree with a focus on cybersecurity from reputable local or international universities. 

• A keen interest in helping clients simulate cyber crisis scenarios via the conduct of Table-top Exercises (TTX), Command Post Exercises (CPX), and Ground Deployment Exercises (GDX) 

• Understanding of various cybersecurity Tactics, Techniques and Procedures (TTPs) for different cyber threat actors. 

• Understands cyber incident response and digital forensic investigation requirements. 

• Familiar with Cyber Kill Chain Methodology, MITRE ATT&CK Framework, NIST Cybersecurity Framework (CSF) 

• A good team player 

• Excellent communication, presentation, analytical, and organizational skills. 

• Able to work on multiple, concurrent projects with tight timelines and competing resources. 

Advantageous to have: 

• Knowledge of Technology systems, network and infrastructure, cybersecurity risks and related control frameworks and practices (COCO, COSO, ISO, ITIL, CMM, COBIT, NIST, SANS, etc.). 

• Possess certifications such as CISSP, GCFE, GREM, GCIA, GCIH, EnCE 

We invite you to bring your unique talents and perspectives to our team, where you will have the opportunity to make a meaningful impact and grow your career in cybersecurity.