Senior Analyst - Information Security

Summary:

As the Information Security Associate within the Business Security Operations (BusSecOps) team, you will be responsible for implementing and maintaining information & cyber security practices across WTW. 

Candidate would be required to gain a high-level of knowledge and understanding of critical technology applications and security standards.  You will need to take a leadership role in building security testing framework for web-based applications which includes Threat Profiling, DAST, SAST, Security Architecture, and Penetration testing. In this role, you are expected to understand the organization’s information & cyber security strategy and standards while working collaboratively with technology teams to implement and maintain sound security practices. 

Responsibilities:

• Build and maintain effective relationship with technology teams and ICS stakeholders.
• Foster a culture of information and cyber security best practices though awareness and support.
• Stay up to date with the latest application security developments and security trends to continually improve internal processes.
• Hold good understanding of Application & Infrastructure testing methodology & support development teams in the remediation of vulnerabilities.
• Work with development teams to improve the secure software development lifecycle.
• Engage in information security activities to support client/business engagements i.e., incidents, vulnerabilities, development lifecycles, risk management and emerging threats.
• Ability to coordinate and execute security testing for applications and cloud environments.
• Engage with key stakeholders to support internal and external audit activities to ensure compliance with regulations such as: SOC, FCA, NYDFS, GDPR, HIPAA.
• Demonstrate a good understanding of security regulations and data privacy laws.
• Support the risk identification & exceptions management process.
• Manage and oversee adhoc projects related to maturing information and cyber security controls across the organization.

Requirements:

• 7+ years of experience in Information Security.
• Significant experience in managing and patching vulnerabilities across a host of assets.
• Expert understanding of all aspects of information security principles, policy and its application in business and technology areas.
• Understanding of core cloud security principles.
• Knowledge and experience on supporting information security audits.
• Client focus: ability to engage positively with WTW clients and business stakeholders. 
• Information Security specific certification is desirable (such as CISM, CISSP, CISA, CEH)