Shift Lead Operations (TDR, IAM, VM, SecOps) - Manager - Cyber Data & Tech Risk Managed Services

India, Karnataka, Bengaluru

Full-time

Posted on: 3 days ago

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In cybersecurity incident management at PwC, you will focus on effectively responding to, and mitigating, cyber threats, maintaining the security of client systems and data. You will be responsible for identifying, analysing, and resolving security incidents to minimise potential damage and protect against future attacks.

Enhancing your leadership style, you motivate, develop and inspire others to deliver quality. You are responsible for coaching, leveraging team members' unique strengths, and managing performance to deliver on client expectations. With your growing knowledge of how business works, you play an important role in identifying opportunities that contribute to the success of our Firm. You are expected to lead with integrity and authenticity, articulating our purpose and values in a meaningful way. You embrace technology and innovation to enhance your delivery and encourage others to do the same.

Skills

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:
  • Analyse and identify the linkages and interactions between the component parts of an entire system.
  • Take ownership of projects, ensuring their successful planning, budgeting, execution, and completion.
  • Partner with team leadership to ensure collective ownership of quality, timelines, and deliverables.
  • Develop skills outside your comfort zone, and encourage others to do the same.
  • Effectively mentor others.
  • Use the review of work as an opportunity to deepen the expertise of team members.
  • Address conflicts or issues, engaging in difficult conversations with clients, team members and other stakeholders, escalating where appropriate.
  • Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.

    Squad (TDR, IAM, VM, SecOps) Shift Lead Operations Manager

    The Cybersecurity Shift Lead is responsible for managing and coordinating all cybersecurity operational activities during their assigned shift across multiple security domains—including Threat Detection & Response (SOC/TDR), Identity & Access Management (IAM), Vulnerability Management (VM), and SecOps.

    This role acts as the first point of escalation, ensures smooth shift execution, maintains SLA adherence, and provides guidance to L1/L2 analysts. The Shift Lead ensures operational continuity, quality of service, and timely communication with leadership and client stakeholders.

    The Cybersecurity Shift Lead ensures end-to-end operational continuity, serves as the primary escalation point, and drives service quality across all cybersecurity towers during their assigned shift. This role strengthens incident response effectiveness, ensures compliance with SLAs, improves cross-team coordination, and maintains a high degree of operational discipline.

    Required Skills & Qualifications
  • 6–8 years of experience in cybersecurity operations (SOC, IAM, VM, SecOps).
  • Strong hands-on experience with SIEM, EDR, ITSM, IAM, and VM tools, or with firewall/cloud and security tools such as web, email, DLP, and Proofpoint monitoring.
  • Solid understanding of incident handling, vulnerability lifecycle, access governance, and security monitoring.
  • Ability to lead teams in a 24/7 environment, manage pressure, and make rapid decisions.
  • Strong communication, coordination, and documentation skills.

    Preferred Skills
  • Experience with scripting (Python, PowerShell, Bash).
  • Knowledge of cloud platforms (Azure/AWS/GCP).
  • Understanding of MITRE ATT&CK, vulnerability scoring, threat intelligence.
  • Security certifications such as Security+, CEH, CISM & other relevant skill certifications.
  • Experience in a managed security services or large enterprise setting.

    Key Responsibilities

    Shift Oversight & Operational Leadership
  • Lead all cybersecurity operations during the assigned shift, ensuring continuous monitoring and timely response across SOC, IAM, VM, and SecOps.
  • Act as the primary point of contact for escalations from L1/L2 analysts.
  • Ensure all operational tasks, dashboards, queues, and alerts are actively monitored and managed.
  • Enforce shift discipline, on-time handovers, and proper documentation of activities.

    Incident Management & Escalation Handling
  • Oversee triage, investigation, and resolution of security alerts, incidents, access requests, and vulnerability findings.
  • Validate escalations from L1/L2 to ensure quality and completeness before forwarding to L3 or client SMEs.
  • Lead containment and response actions when required and approved.
  • Ensure major incidents (P1/P2) follow proper protocols, with timely communication and coordination across teams.

    Service Quality, SLA Tracking & Queue Management
  • Monitor SLA performance, response times, backlog, and ticket queues across security domains.
  • Ensure remediation tickets, IAM requests, and SOC incidents are tracked, prioritized, and actioned appropriately.
  • Identify bottlenecks and assign tasks to analysts to balance workload and meet operational targets.
  • Report SLA risks or breaches promptly to management.

    Monitoring & Operational Health Checks
  • Oversee health checks for SIEM, EDR, IAM, VM, scanner appliances, firewall logs, security tools such as web, email, DLP, and Proofpoint, and cloud telemetry systems.
  • Ensure dashboards, log ingestion pipelines, scanning schedules, and connectors are functioning as expected.
  • Identify recurring issues and coordinate with engineering/platform teams for resolution.

    Coordination Across Cybersecurity Towers
  • Work closely with TDR, IAM, VM, and SecOps specialists to maintain operational consistency.
  • Ensure cross-tower dependencies are tracked (e.g., incidents requiring SecOps, IAM validation or VM exceptions requiring policy input).
  • Facilitate real-time collaboration between teams during active investigations or remediation activities.

    Documentation & Shift Reporting
  • Maintain detailed shift logs covering escalations, incidents, decisions, tool issues, and pending items.
  • Prepare and deliver shift-end reports to the incoming lead and management.
  • Ensure incident documentation, evidence collection, and case notes meet quality standards.

    Training, Coaching & Analyst Support
  • Mentor L1 and L2 analysts in triage techniques, tool usage, SOP adherence, and escalation criteria.
  • Conduct mini training sessions, shadowing, and reverse-shadowing exercises during the shift.
  • Evaluate team performance and provide real-time feedback to strengthen operational capability.

    SOP, Process & Policy Compliance
  • Ensure analysts follow established SOPs, runbooks, and incident handling workflows.
  • Validate documentation accuracy and recommend SOP updates as process gaps are identified.
  • Support compliance requirements (ISO 27001, NIST, SOC2) through proper evidence capture and procedural adherence.

    Operational Metrics & Continuous Improvement
  • Track shift-level KPIs such as MTTA, MTTR, alert volume, triage accuracy, backlog health, and IAM/VM SLA metrics.
  • Recommend improvements in alert tuning, ticket routing, workflow automation, and triage methods.
  • Identify areas for efficiency gains and raise them to tower leads or engineering teams.

    Client Interaction (As Required)
  • Serve as the shift-level representative to client contacts during escalations or real-time investigations.
  • Provide timely updates, clarification on incidents, and progress reports when requested.
  • Uphold a high standard of communication, professionalism, and responsiveness.

    Major Incident Command
  • Lead major incidents during the shift, ensuring coordinated response, timely communication, and clear decision-making.

    Automation & AI Enablement
  • Identify recurring manual tasks suitable for automation or SOAR workflows.
  • Collaborate with automation teams to test and validate new playbooks.