Third Party Security Assessor

About the Team:

Information and Cyber Security team aims at protecting WTW, our colleagues and our clients confidential information by assuring its handled securely by security assessing assets and Third parties as well as assuring client legal obligations with control owners globally.

• Key Responsibilities

  ▪ Leading and coordinating the completion of third-party assessment requests against WTW best practice and global standards and controls.
  ▪ Scheduling periodical re-assessment in line with standards and controls.
  ▪ Agree scheduled checkpoints with the third party and WTW Service Owner on evidencing remediations and maintaining central repository; these are tracked through to closure.
  ▪ Providing comprehensive reporting across operational and security KPIs related to third-party assurance activities and identifying gaps, risks, and therefore mitigating actions, and raising appropriate escalations for decision with Head of ICS Third Party Supplier Assurance.
  ▪ Providing risk-based assurance advice on all information security issues.
  ▪ Provide key information to leadership as input for prioritizing the future strategy for the organization.
  ▪ Coordinate with the CISO Office and the Internal Audit function in order to coordinate the execution of internal and external audits and manage the delivery of the required remediation activities in a timely manner.
  ▪ Assisting and collaborating with internal teams on third-party security incidents investigation and response.
  ▪ Assist in developing and continuously improving third-party risk management frameworks and processes to help ensure that the information security controls outlined in the policies and standards are effectively applied by third-party providers.

• Required Skills

• Third-party risk management

• IT General Controls (ITGC)

• Security audits and compliance

• Review of SOC 2 and other security assessment reports

• Nice to Have

• Information security certifications (CISM, CISSP, etc.)

• Knowledge of security and privacy regulations

• Basic understanding of security operations

• Soft Skills

• Strong communication and stakeholder management

• Ability to work well in teams

• Adaptable and proactive mindset

• Degree in Business, Information Technology, or a related field

• 4+ years of experience in third-party risk, information security, or governance

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidatehelpdesk@wtwco.com.