A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You’ll focus on being the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protect our firms intellectual assets.
Our Network Informations Systems team helps organisations transform their network architecture and infrastructure to ensure security controls are always operating efficiently. As part of the team, you’ll focus on the architecture of information systems, including the design and implementation of network architecture and information storage to optimise programme security and delivery for our clients.
The UK AI team, sub-pillar of the T&I, builds tech products with emphasis on software-enabled consulting services leveraging emerging technologies including artificial intelligence, machine learning, deep learning, advanced analytics and multi-cloud platforms.
The CTO Emerging Technologies, sub-pillar of the Global CTO, provides central capabilities to enable timely, effective and secure adoption of digital solutions based on new and emerging technologies across the PwC network.
A Security Architect is hereby required to facilitate the definitions and implementation of security architecture capabilities that will underpin the development, deployment and continuous delivery pipelines of UK AI technology products. This involves reviewing software and cloud architecture and design patterns, drafting adaptable technology security requirements, aligning UK AI’s security designs and configurations with the Global CTO and NIS Enterprise security guidelines for Cloud and Data-centric security, and assisting the projects (emerging technologies related developments) to adhere to NIS security risk and compliance requirements.
Experience with emerging technologies including artificial intelligence, machine learning, distributed ledger technology or blockchain platforms, multi-cloud environments (including Azure, GCP, AWS, Salesforce / Heroku), advanced analytics, cryptographic controls for data security would be an advantage.
Knowledge of Python, Unix systems, serverless computing (containers and Kubernetes in particular) and DevSecOps is desirable.
The Security Architect will be responsible for ensuring UK AI product architectures provide adequate security capabilities for protecting PwC and Clients’ data of varying classification levels in addition to leveraging existing and/or planned PwC Tech and NIS Security services in liaison with the Global CTO.
The security architect is required to interface with multiple stakeholders including:
UK AI Partner and the team
Global Head of Emerging Technologies and the CTO organisation
NIS UK BISO and the ITGRC teams
Other stakeholders as identified in the course of development works.
Provide security architecture rigour into the design and proofing for selected technologies, tools and platforms UK AI technology products
Address security requirements related to:
Access control and management of the cloud-based environment for the data management platform
Use of encryption, authorised ciphers and key management in the storage of data, transmission and access to data in their respective data stores across cloud and non-cloud environments
Integrations with and use of NIS Identity and Access Management service capabilities across the data management platform
Contribute to definition of secure user stories for the access and use of the platform interfaces
Translate global security and data governance requirements into applicable technical specifications for UK AI security designs and implementations (in liaison with the Global CTO and NIS)
Ensure use of effective technologies that protect sensitive data as they flow from development to production and vice versa (techniques such as data sanitisation, de-sensitisation, tokenisation and/or anonymization )
Continual focus on relevant threat intelligence and future-proofing adoption of security technologies across the UK AI tech product portfolio and platforms.
Maintenance of relevant reusable security architecture artefacts, including architectures, designs, configuration rules and policy scripts etc
Participation in the DevOps and agile delivery rituals as well as security review and architecture governance processes
Key Responsibilities include
Architecture and design of secure solutions that maintain the confidentiality, integrity and availability of applications and classified information at the specified classification and handling levels throughout their lifecycle across technology products and the underlying platforms
Proactively drive discussions and decision-making regarding security architecture as part of UK AI product developments and delivery
Align all security architecture decisions with the PwC Tech, Global CTO and NIS security strategy goals
Drive conformance of UK AI products and practices to security architecture principles defined in the NIS Architecture handbook, and in conjunction with expertise drawn from Global CTO, while highlighting areas of security risk(s) for future review/remediation where appropriate
Work with the UK AI, CTO ET, and NIS BISO teams to build secure environment and configurations for proofing selected design patterns and technology products
Collaborate with other architects and technologists across PwC Network provide consensus-based, democratised, scalable and adaptable architectural solutions for global reuse and consumptions
Maintenance of relevant security architecture artefacts for UK AI, Emerging technologies and integrations with other services, including repository of security configurations for programmatic deployments where appropriate in liaison with UK AI team and the Global CTO organisation.