Senior Associate – Information Security

The Role:

This role will support the delivery of Global Information and Cybersecurity (ICS) regulatory requirements. The responsibilities of this role will include:

• Execution of regulatory deliverables, Request for Information (RFIs), Audits and Regulatory questionnaire submissions with a focus on ICS & Technology Risk within a specified time and schedule. 
• Define communications (planning, scoping, issues) engagement with stakeholders (regulators, control owners, senior management) related to regulatory deliverables, RFIs, audits and Regulatory questionnaire submissions.
• Engage with ICS Policies and Standard team to map ICS and Technology standards to the regulatory requirements.
• Co-ordinating and developing high quality and timely responses to requests for information, ensuring consistency and leveraging evidence where possible.
• Engage with the ICS controls testing team where application controls testing is required. Furthermore, support and monitor identified issues and gaps. 
• Support manage and monitor identification and remediation of issue and gaps in line with WTW controls and regulatory requirements. 
• Engage with ICS Risk Team to ensure that the identified risks are reported and managed in line with the risk processes.
• Support management reporting specifically around engagement status and issue management.
• Supporting wider team throughout the regulatory engagements. 
• Contribute to the creation of and delivery of presentations and briefings as required for the key stakeholders. 
• Generating reports for technical and non-technical stakeholders, including the creation of documentation.
• Understanding wider ICS functions and better understanding their Roles and Responsibilities to support our delivery. 

Cross-Functional Collaboration:

• Collaborate with other regulatory compliance functions – e.g. Audit, Compliance, and Privacy, tech partners – to track compliance across the organization and pool expertise on vague or complex regulatory requirements.     

• Work with business units to ensure controls are effective and appropriately address to the relevant regulatory requirements they address.

• Facilitate in attesting and demonstrating compliance with relevant authorities, regulators and auditors during compliance assessment and/or audits.

   

Technology and Cybersecurity Regulatory Engagements Programs

• Collaborate in the developing and shaping Regulatory engagement operating model and standard processes.

• Devise and upkeep templates and tools to assist in implementing various ICS Regulatory Engagement programs and reporting.

• Supporting the implementation, alignment to, maintenance and monitoring of controls following Information Security standard and framework.

The Requirements:

• Experienced in identifying and managing Risk and compensating Controls.
• Demonstrable experience in analyzing and applying regulatory requirements to security practices.
• Demonstrable experience in supporting the business to implement controls to meet and maintain compliance in a highly complex global organization. 
• Strong Project Management skills and experience. 
• Excellent writing, presentation, and communication skills
• Experience of working with a high degree of autonomy, managing own workload and delivering tight timescales
• Familiarity with other technology, cybersecurity and privacy regulations would be beneficial.
• Excellent analytical problem-solving skills
• General knowledge of IT operations
• Holistic understanding of risk processes and functions.

Behaviours:

• Good communication skills.
• Global team player with good interpersonal and influencing skills.
• Customer focus and  relationship management.
• Good analytical skills - ability to review and challenge materials produced by colleagues.
• Delivery focused, possessing high levels of resilience and determination.  
• Ability to manage multiple, and changing, priorities.
• Strong desire to continue to learn.

Qualifications:

• Ideally qualified to degree level, in IT or security related subject.
• Ideally extensive years of work experience in Information Security, Information Technology or Risk
• Information security certifications (e.g. CISSP, CCSP, CISA, CRISC, CISM, ISO 27001 LA) are preferable.
• Project Management certification (e.g. PMP) is also preferable.