You're using an older version of Internet Explorer that is no longer supported. Please update your browser.

Application Security Risk Manager

Toronto, ON
Full Time
4 days ago
A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You'll focus on being the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protect our firms intellectual assets.PwC is driving major change across information and cybersecurity by building a centralized model to provide security services across the entire member firm network. The Network Information Security (NIS) organization is tasked with designing, implementing and maintaining information security capabilities and services for PwC Network of member firms. The NIS Application Readiness team helps IT project teams with everything they need to keep PwC and client data secure - from complying with data protection standards to reducing the possibility of information breaches. We review applications against a set of security controls (ISP and Application Readiness Standard) to identify common information security risks, and then we recommend how to mitigate those risks.
Meaningful work you'll be part of

As an Application Security Risk Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. Responsibilities include but are not limited to:
•Work with Risk Reviewers to ensure tickets are being processed accurately and efficiently
•Work with Consultation Services Architects to identify gaps in compliance and determine inherent risk, mitigating factors, and residual risk
•Collaborate with other AppSec sub pillar teams to ensure relevant processes are completed as necessary and in good standing to support AR disposition
•Interface with customers to provide guidance relevant to AppSec requirements
•Escalate risks and other concerns to Application Readiness Regional Leads, BISOs, CISOs, and other relevant stakeholders
•Interface with a number of other NIS service providers, such as Policy, TPRM, Issues Management, Threat Management
•Provide disposition on ARR tickets and publish other deliverables (ARA report or Risk Statement) as applicable

Experiences and skills you'll use to solve

•Customer service skills to create an exceptional customer experience
•Strong organizational and time management skills to support multiple concurrent reviews
•People leadership skills to provide oversight of Risk Reviewers, coaching and mentoring in an informal fashion
•Knowledge of the Information Security Policy, Application Readiness Standard, and applicable supporting Standards
•Understand the purpose of Application Readiness process
•Ability to assess whether a control is 'met' or 'not met' (black and white)
•Ability to navigate the gray when a control does not meet the letter of the control
•Ability to review documentation analytically, and assess control compliance based on information/documentation provided.
•Ability to evaluate complex data and determine whether data can be used to support the reviews being conducted
•Ability to pull facts and details related to controls from different types of documentation and diagrams submitted
•An understanding of when and how to escalate
•Good understanding of Application IT Security Standards, on-premise as well as cloud-based.
•Good understanding of risk management and experience with identifying and assessing potential information security risks.
•Good understanding and exposure to technical risk assessment along with vulnerability assessment and penetration testing.
•Strong communication skills and the ability to provide risk guidance, inform management about potential risk issues, and relay information about policy requirements effectively
•Proper Experience in coordination of issue tracking, Follow-Ups, communication skills in a global environment.
•CISSP / CISM /CISA / CCSK / CCSP / CRISC considered an asset
•A demonstrated commitment to valuing differences, developing and coaching diverse teams, and ensuring diverse perspectives are heard

Why you'll love PwC

We're inspiring and empowering our people to change the world. Powered by the latest technology, you'll be a part of amazing teams helping public and private clients build trust and deliver sustained outcomes. This purpose-led work, and our continuous development environment, will take your career to the next level. We reward your impact, and support your wellbeing, through a competitive compensation package, inclusive benefits and flexibility programs that will help you thrive in work and life. Learn more about us at

Your Application to PwC

We embrace new technology to deliver securely and differently for our candidates. To protect your personal information, apply at and visit to learn more about what your recruitment experience could look like.

Putting the safety of our people and clients first as we look to a hybrid future

At this time, PwC does not require, but strongly encourages, full vaccination in order to access its offices. Some of our clients may require vaccination and other restrictions to be in place to access their premises. You may, therefore, be required to be vaccinated and comply with all other restrictions where applicable. At PwC, the future ways of work will be a hybrid of in-person and virtual, allowing choice and flexibility to explore new ways of working and collaborating, based on client, team and individual needs.
At PwC Canada, our most valuable asset is our people and we grow stronger as we learn from one another. We're committed to creating an equitable and inclusive community of solvers where everyone feels that they truly belong. We understand that experience comes in many forms and building trust in society and solving important problems is only possible if we reflect the mosaic of the society we live in.
We're committed to providing accommodations throughout the application, interview, and employment process. If you require an accommodation to be at your best, please let us know during the application process.
Information Technology Law Enforcement and Security