Senior Associate - Cybersecurity & Privacy

Deliver client engagements focused on cyber risk and privacy, including assessments, gap analyses, roadmaps, and implementation projects. Translate technical and regulatory requirements into pragmatic policies, standards, architectures, and operating procedures tailored to the client's risk appetite. Design and implement security controls aligned to frameworks such as ISO/IEC 27001, NIST CSF, CIS Controls, and industry regulations (e.g., FINMA circulars, DORA, NIS2). Support clients in maturing capabilities across cloud security, identity and access management, data security (encryption, DLP), vulnerability and threat management, security monitoring, and incident response. Assess third-party and supply chain cyber risk, define remediation plans, and help establish continuous assurance and vendor oversight processes. Advise on privacy compliance and operations (e.g., GDPR, Swiss nFADP), including data protection impact assessments, records of processing activities, data subject rights, cross border transfers, and privacy-by-design. Lead workstreams, manage stakeholders, and ensure high-quality deliverables: reports, playbooks, risk registers, control matrices, and board-ready presentations. Contribute to business development: shape proposals, respond to RFPs, build repeatable assets, and develop points of view on emerging topics. Coach and mentor junior colleagues, foster a culture of teaming and excellence, and stay current with threat trends and regulatory developments.

At PwC Switzerland, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We're part of a tech-forward, people-empowered network and help clients build, accelerate and sustain momentum across audit, assurance, tax, legal, workforce, deals and consulting.

• 2–5 years of experience in cybersecurity and/or privacy consulting or a similar role (internal or external), with proven delivery of client-facing projects.

• Strong knowledge of key frameworks and regulations: ISO/IEC 27001/2, NIST CSF, CIS Controls; awareness of NIS2, CRA, DORA, GDPR, Swiss nFADP and sector-specific guidance (e.g., FINMA) is a plus.

• Practical experience in several of the following: security governance and risk; privacy operations; identity and access management; data security; compliance with cybersecurity and resilience regulations; threat and vulnerability management; security operations and incident response; cloud security.

• Consulting core skills: structured problem-solving, clear writing, confident presentation, stakeholder management, and the ability to translate complex topics into actionable recommendations.

• Education in a relevant field (e.g., Computer Science, Information Security, Engineering, Law, Business) or equivalent practical experience.

• Professional certifications are advantageous (e.g., SSCP, Security+).

• Language skills: fluent in English; French is a strong asset.