Risk Services - Cybersecurity Audit and Data Protection Associate (July 2027 Intake)

Key Responsibilities

As an Associate, your responsibilities include but are not limited to:

• Collaborate with the team to deliver comprehensive cybersecurity and data protection services to clients.

• Support assessments of clients’ data protection practices against local regulations (such as PDPA in Singapore) and international standards (e.g., GDPR, ISO 27701, ISO27001, NIST Cybersecurity and Privacy frameworks).

• Assist in performing gap analyses and compliance assessments, contributing to detailed reporting and actionable recommendations.

• Assist in the planning and execution of technology and cybersecurity audits.

• Collaborate with clients' teams to gather necessary audit evidence and documentation, evaluating the design and operating effectiveness of IT controls.

• Identify potential risks, vulnerabilities, and areas for improvement within IT systems and processes, preparing clear and concise audit reports, including findings and recommendations for management.

• Conducting compliance reviews against technology standards and regulations such as CSA Cybersecurity Codes of Practice (CSA CcoP), ISO27001, and others.

• Engage with various tools and technologies used in data security, privacy management, and risk assessment, participating in cyber simulation exercises.

• Collaborate across multidisciplinary teams, assisting with the establishment and uplift of data and cybersecurity measures for our clients and supporting projects aimed at enhancing clients' cybersecurity posture.

What We Are Looking For

• Final-year student or recent graduate in Computer Science, Computer Engineering, Information Technology, Cybersecurity, or related disciplines from reputable local or overseas universities.

• Strong fundamentals in information technology, networking principles, and cybersecurity concepts.

• Basic understanding of network and cryptography principles, and data loss prevention (DLP) technologies.

• Familiarity with cloud security principles and tools (e.g., Microsoft 365, AWS, Azure), common security testing tools (e.g., Kali Linux, Burp Suite, Nmap, Metasploit, Covenant, BloodHound) and database security fundamentals.

• Knowledge of data privacy principles, cybersecurity frameworks, and regulations, along with understanding common vulnerability classes (e.g. OWASP Top 10), exploitation techniques, and defensive concepts.

• Working knowledge of at least one scripting language (e.g., Python, Bash, PowerShell) – the ability to automate and adapt is a plus.

• Strong analytical thinking, critical thinking, and problem-solving skills; ability to explain highly technical concepts to non-technical stakeholders.

• Excellent interpersonal and communication skills.

• Ability to work collaboratively in a team environment, showing initiative and eagerness to learn.

• Offensive security certifications such as OSCP, CRT, CRTO, CEH, eJPT, eCPPT, or similar (or working towards them).

• Genuine passion for offensive security with active participation in CTFs and contributions to open-source offensive security tools.

Application Notes

• Please indicate your first-choice role and, where applicable, a second-choice role, based on your skills, interests, and career aspirations.

• Only shortlisted candidates will be notified due to the high volume of applications.

• Kindly upload both your resume and academic transcript/degree audit in PDF format

• Have questions? Get in touch with us at sg_graduate_recruitment@pwc.com

There have been reports of scammers impersonating PwC HR professionals contacting individuals about fraudulent job opportunities using non-PwC domain email addresses and an overseas number. Please note that genuine communications from our HR team will only come from "@pwc.com" email addresses.