Para estar informado sobre nuestras oportunidades de empleo:
    Únete a nuestra Red de Talentos

    Technology and Cyber Security Risk Management Analyst

    London, England, United Kingdom

    Technology and Cyber Security Risk Management Analyst

    • 202406565
    • London, England, United Kingdom
    • Closing on: Jan 3 2025

    Description

    WTW Information & Cyber Security (ICS) Risk Management team requires a technology and cyber risk management analyst to support the team in the identification, assessment, treatment, and overall management of technology and cyber risks facing WTW (including but not limited to risk analysis, reporting and risk assessments). This role will also focus on implementing ICS risk management oversight of technology and cyber internal audit findings.

    The Role:

    This role will support the ongoing operations of the ICS risk management team with primary responsibilities including:

    • Technology and Cyber audit finding specific duties:
      • Be the ICS risk management lead supporting validation of internal audit findings and appropriate remediation approach by Technology and Cyber functions to treat the risk within an acceptable risk-based timelines
      • Become an SME on the Internal Audit processes, schedules and support functional leads in agreeing remediation plans timeline based on the end to end internal audit processes
      • Analyse audit findings to identify generic indicators of risk, control design and effectiveness which might be systemic. 
      • Perform oversight of reporting of internal audit findings and provide constructive feedback and challenge.
      • Be a point of contact to Technology and Cyber colleagues who might need some support in effective management of risk from internal audits.
      • Be a point of contact for Internal Audit if they perceive any issues potentially effecting the timely completion of the audit findings. 
      • Support development of KRIs to assist Technology and Cyber functional management effectively manage risk raised from internal audit findings.
      • Support the consideration of MAP findings and how these align to technology and cyber control design and effectiveness verification and how these might impact the technology and cyber risk profile. 

    In addition, this role will support the ICS Risk Management team on other processes relating to management of technology and cyber risk, including:

    • Support performing risk identification, assessment, treatment, reporting and governance processes relating to effective management of technology and cyber risk.
    • Support the management of the Technology and Cyber Risk Management Frameworks and related automation of processes. 
    • Support the building of an effective culture of technology and cyber risk management through awareness and education.

    Qualifications

    The Requirements:

    Skills:

    • Experience of technology and cyber internal audits within the structure of 3 lines of defense
    • Knowledge and experience of technology and information and cyber security risk and controls frameworks and related processes 
    • Experience of technology and cyber risk and issue management
    • Strong stakeholder management, ability to foster and grow relationships, constructive challenge and negotiation skills
    • Excellent communication skills, especially written English
    • Knowledge of GRC tool such as Riskonnect would be an advantage
    • Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO etc)
    • Experience of implementations using Agile approach and practices
    • Proven ability as a team member with ability to prioritise conflicting deadlines and priorities, and respond quickly to changing priorities and work effectively on their own initiative
    • Experience of analysing reporting submissions for completeness and accuracy, and addressing areas of concern with contributors 
    • Able to interpret & present data and information in the appropriate format for different audiences
    • Detail-oriented and capable of delivering at a high level of accuracy

    Qualifications:

    • Educated to degree level or equivalent 
    • Hold professional qualifications in a relevant subject; for example, CRISC, CISSP, CISM, CISA
    • Strong extensive experience in technology role (with proven experience of active management of technology and cyber risks (for example, in projects, technical SME areas etc.). 
    • Experience of working within a global financial and regulated organisation 

    Behaviors:

    • Global team player with good interpersonal
    • Core competencies in regard to influence, negotiation, conflict resolution and assertiveness  
    • Resourcefulness and organizational agility
    • Customer focus, integrity and trust
    • Personal learning & development

    Equal Opportunity Employer

    At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity.

    At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.

    Apply Now

    ¿No tú?

    Gracias

    Contacto no solicitado

    Todos los CV/perfiles de candidatos no solicitados que se presenten a través de nuestro sitio web o de cuentas de correo electrónico personales de empleados de Willis Towers Watson se consideran propiedad de Willis Towers Watson y no pagarán honorarios de agencia. Para poder ser una agencia/compañía de búsqueda de personal para Willis Towers Watson, dicha agencia debe contar con un acuerdo formal existente y por escrito firmado por un agente de selección de personal de Willis Towers Watson y una relación laboral activa con la organización. Los CV se deben presentar de forma tal que cumplan con el proceso de presentación del candidato, que incluye participar activamente en la búsqueda específica. Del mismo modo, para nuestras agencias de selección/búsqueda de personal, si no se cumple con los pasos del proceso de presentación del candidato, Willis Towers Watson no pagará honorarios de agencia. Willis Towers Watson sigue el principio de igualdad de oportunidades en la contratación. Si deseara que la compañía guarde su información de contacto para su consideración en el futuro, envíe un correo electrónico a: Agency.inquiries@willistowerswatson.com .

    Nuestras oficinas

    Nuestros colegas brindan servicios en más de 140 países y mercados en todo el mundo. Esto da una dimensión global a todo lo que hacemos y crea muchas oportunidades interesantes para que colabores y crezcas. Consulta el mapa a continuación para ver a dónde podría llevarte tu carrera.

    Conozca a nuestra gente