Information Security Risk & Government Manager

Information Security Risk & Government Manager

Join to apply for the Information Security Risk & Government Manager role at PwC UK

Our vision for the PwC Network, fuelled by our Purpose, is to be the most trusted and relevant professional services business in the world - one that attracts the best talent and combines the most innovative technologies, to help organisations build trust and deliver sustained outcomes. The mission protects 370,000 PwC members across 149 member firms worldwide, as well as our global clients.

PwC continues to invest in cyber security capabilities to protect our business and our clients. Within CISO Governance, Risk & Compliance (GRC) team acts as a trusted risk advisor to the UK business. By providing guidance on cybersecurity stakeholders implement effective security measures to mitigate risks and protect the firm's interests.

• Support the creation of a comprehensive information security risk management framework and the implementation of mitigation strategies by collaborating with leadership and stakeholders to ensure enterprise-level risk visibility and strategic alignment.
• Collaborate with senior stakeholders for insights on existing and emerging technologies like GenAI, offering strategic updates and impact assessments for informed decision‑making.
• Conduct regular risk assessments to continuously monitor risks, security threats, and vulnerabilities, ensuring the effectiveness of controls.
• Lead initiatives to ensure consistent security practices across G&HI projects.
• Facilities Security Controller and our practice partners and staff with regards to ensuring compliance with contractual requirements within the G&HI sector.
• Provide recommendations and guidance covering the use of PwC IT systems and client data handling, ensuring security considerations are addressed, particularly where the use of offshore delivery models.
• Ensure compliance with technology requirements including PwC systems, laptops.
• Report and investigate security breaches, maintaining records and communicating with relevant G&HI leadership.
• Govern evaluations and assessments of information security risks and non‑compliance, determining their potential impact and likelihood on the organisation.
• Respond pragmatically to challenging situations and lead risk remediation efforts to negotiate and balance risk with business imperatives, particularly within the UK firm.
• Build and manage relationships across a global network, effectively handling a matrixed organisation.
• Take ownership of team deliverables to ensure timely, quality‑driven, and strategically valuable outcomes for the organisation.
• Participate actively in team activities, contributing to strategic projects, communications, process improvements, knowledge sharing, and fostering a positive work environment.

• Strong communication and influencing skills to assist, inform, and build relationships with stakeholders in both the business and support teams, to enable effective information security.
• Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
• Excellent time management skills, balancing working efficiently on your own and contributing as part of a wider team - prioritising and recognising when to elevate to management.

• Previous proven management experience in an information security risk management role.
• Formal certifications / qualifications in Information Security (CISSP, CISM, CRISC, CompTIA Security+).
• Extensive knowledge of risk assurance frameworks essential, such as ISO 31000; NIST CSF; ISO 27001.
• Knowledge of technical security principles highly desirable.
• Broad understanding of technology and how security is applied to technology in a large enterprise setting.
• Experience at an enterprise, global company or big four firm is desirable.
• Strong data manipulation and visualisation skills (Power
  
  BI, Alteryx, Excel).

Mid‑Senior level

Full‑time

Legal

Accounting

London, England, United Kingdom