Cloud Trust | Cybersecurity  

PwC Acceleration Center Manila (hereinafter, the “Company” or the “Center” or “PwC AC Manila” or “AC Manila”) is a joint venture of PricewaterhouseCoopers (“PwC”) Firms from across the Asia Pacific. It was established to provide professional services to support PwC member Firms in the Asia Pacific, Americas, and European regions only, excluding clients registered and based in the Philippines.

PwC AC Manila is part of a network of PwC service delivery centres around the globe, known as the PwC Acceleration Centers and is staffed by specialised professionals connected through common methodologies, tools and metrics. This strategy is designed to ultimately increase value for our clients and our PwC member firms through improved productivity, enhanced quality and lower cost of delivery.

We are guided by “The PwC Professional”, our global framework for defining and encouraging leadership at all levels. The five core attributes of the framework--whole leadership, technical capabilities, business acumen, global acumen, and relationships--guide all PwC AC Manila employees in providing value for our business and our clients.

What's In It For You

Do you want to grow your professional career as a leader in a dynamic team working at the forefront of Cloud and Cyber Security? We have openings in our rapidly growing Cloud Trust team, which operates across multiple technology and business domains and a range of high-profile clients in this fast-growing market. In this role, you will have an opportunity to lead the growth and development of the team as we build on our position as a market leader. At the same time, you’ll be supported by our senior leadership to develop and enhance your career as a leader in the field of cloud and cyber security.

Key Responsibilities

As a Digital Trust Analyst /Senior Analyst/Manager, you will be working collaboratively with the team to advise our clients in managing cyber security risk and compliance across a range of leading cloud products and services. You will have an opportunity to develop your skills and deliver projects across a broad range of technical, security, risk, and compliance-related domains. You will:

• Work on cloud and cyber security risk-related projects on one or more leading cloud platforms in the IaaS (e.g., AWS, Azure, GCP, AliCloud, Huawei Cloud, etc.) or SaaS (e.g., Office 365, Google Workspace, Salesforce, etc.) space.
• Support in discussions with business and technology stakeholders to help develop and refine their cloud strategy in order to streamline their cloud journey and enable a secure and compliant cloud environment.
• Build trusted and sustainable relationships with clients through various engagements across industries and sectors such as financial services, technology, telecommunications, and government/public sector.
• Support our clients in their design, development, and assessment of cloud architecture (networks, operating systems, databases, middleware, applications, etc.) and the associated security architecture (e.g., XDR, SIEM, SOAR, Cryptographic solutions, IDAM, etc.).
• Leverage various industry standards and frameworks (e.g., CSA CCM, NIST CSF, ISO 27001, CIS, etc.), regulatory guidelines (e.g. MAS TRM, MTCS, ABS Cloud Guidelines, etc.), reports (e.g., OSPAR, SOC reports, etc.) and PwC’s Cloud Trust Framework.
• Advise clients on designing more effective, efficient cloud security operations capabilities across a range of areas such as application security, identity and access management (IAM), privileged access management (PAM), incident response, cryptographic key management, backup & recovery, third-party risk management, and others.
• Work with clients to develop/enhance their Dev(Sec)Ops capabilities to build scalable, robust, high-performing, fault-tolerant, and secure software solutions using CI/CD (Continuous Integration Continuous Delivery) toolsets and automation.
• Advise and/or engineer cloud orchestration and automation in cloud environments using tools such as Terraform, Ansible, and Puppet.
• Support or lead (where applicable) technical workstreams, drawing on your knowledge and experience to support your teammates through knowledge sharing and providing on-the-job coaching where possible.

Qualification Requirements

Educational Background

• Bachelor’s Degree graduate in Computer Science, Computer Engineering, Information Technology and/or a related quantitative field from a reputable university or institution.

Essential Requirements

• At least 1-3 years (analyst) or 3-5 years (senior analyst) or 7 & above years (manager) of experience working in one or more of the following disciplines: cyber security, technology risk management, cloud/IT advisory and implementation, cloud or security software product development, security operations, or IT regulatory compliance.
• Professional certification in one or more areas of cloud, cyber security, technology risk management, IT audit, or architecture such as CISSP, CRISC, CISM, CCSP, CISA, CCSK, CCAK, or TOGAF would be beneficial.- for Senior Analyst and up applicable with 5 years + experience
• Associate level certification in cloud technologies for one cloud (IaaS, PaaS, and SaaS) service providers like AWS, Azure, GCP, AliCloud, or Huawei Cloud.

Preferred Experience / Skills

• It is beneficial for candidates to have some exposure to or interest in a range of diverse technology, security concepts, tools, and methodologies, with some specific areas of focus/expertise. These may include:
• Amazon AWS, and services such as EC2, S3, RDS, R53, AWS Direct Connect.
• Microsoft Azure, and services such as VM, SQL DB, Blob Storage, Azure ExpressRoute
• Google Cloud Platform, and services such as GCE, Cloud SQL, Google Cloud Dedicated Interconnect.
• Identity and Access Management (IAM) and Privileged Access Management (PAM)
• Application Security frameworks and standards such as OWASP
• Security Operation
• Logging and monitoring, and SIEM suites/associated tools
• Networking (hardware, software, routing, firewalls, VPC, SASE)
• Operating Systems (Windows, UNIX, Linux)
• Containerization (Kubernetes/K8, Docker)
• Application Management such as Elastic Beanstalk, App Engine.
• Database / Data Warehouse such as SQL, NoSQL, Columnar, Graph.
• Encryption and Cryptographic Key-Management
• High Availability architecture, data backup and recovery
• DevSecOps, CI/CD (Continuous Integration Continuous Deployment), and associated tools such as Terraform, Jenkins, Ansible, Chef, Puppet, Salt stack, etc.
• DevSecOps Automation tools such as Boto3, Lambda, Azure Functions, Google Functions, Python, JSON.
• Knowledge of programming or scripting languages such as Python, Node.js.