Information Security Consultancy Assessor

About WTW:

WTW is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, WTW has 49,000+ employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas – the dynamic formula that drives business performance. Together, we unlock potential. Learn more at https://www.wtwco.com/en-us. 
 

 About The Team:

The Information Security Assurance team aims at protecting WTW, our colleagues, and our client’s confidential information by ensuring it is handled securely. This is achieved by assessing assets and third parties for security compliance and assuring client legal obligations with control owners globally.
 

Key Responsibilities:

Security Consultancy / Project Risk Assessments

The role involves engaging on projects outside of the Information Security Programme, working with global security teams, and supporting risk management processes:

▪ Engage on projects and programs outside of the Information Security Programme.
▪ Engage with different global information security teams while working on projects.
▪ Keep abreast with latest industry trends, current attack techniques, threat intelligence.
▪ Recommend improvements towards the maturity of the process.
▪ Recommend improvements for control effectiveness.
▪ Develop and maintain project risk management knowledge documentation.
▪ Support and maintain corporate project risk management mailbox.
▪ Support and maintain corporate global project risk management tracker.
▪ Analyze reports to identify potential issues related to data and propose solutions.
▪ Work with limited supervision to develop and implement regular improvements in project risk assessments process.
▪ Performs other related duties as assigned.
▪ Delivering assigned elements of the security program.
▪ Supporting new security tool implementation.
▪ Conduct review of security requirements for projects.
▪ Be single point of contact for projects and work activity on connected workforce approach.
▪ Agree appropriate security controls for projects and assist business teams in the implementation phase.
▪ Produce risk statements of the compliance of projects against applicable controls and give approval advice for solutions to go live.
▪ Check security requirements evidence if necessary.
▪ Connect with different information security teams as per requirement of the projects.

IS Enquiries and Guidance / Information Security Advisory:

This involves supporting business requirements, advisory requests, and providing guidance on information security concerns:

▪ Supporting business requirements by responding to enquiries which come via information security mailbox or Service Now tool.
▪ Working independently on advisory requests to provide advisory services to queries raised by the business.
▪ Ensure tracking and timely closure of requests, enquiries within agreed service level agreements.
▪ Liaise with different subject matter experts and accordingly provide solutions, suggestions, or guidance on information security concerns/questions.
▪ Undertaking such other tasks and responsibilities as assigned by the Chief InfoSec Office.

Third Party Information Security Contract Review:

This includes reviewing, negotiating, and standardizing contractual clauses to ensure compliance with information and cyber security requirements:

▪ Review and negotiate terms and conditions of contractual clauses as they pertain to information and cyber security.
▪ Draft contractual agreements and revise existing contracts.
▪ Drive standardization of information security contractual clauses with the suppliers based on services they provide.
▪ Support supplier information security risk management processes in relation to contractual agreement.
▪ Participate in contract negotiation of information security clauses.
▪ Provide advice and clarification on contract terms and conditions to key stakeholders including information and cyber security teams, procurement, legal, compliance, WTW supplier risk management.
▪ Maintain and update standard contractual documentation as they pertain to information security.
▪ Resolve any contract-related issues that arise.
▪ Coordinate with relevant departments to ensure information and cyber security contractual obligations are met.
▪ Facilitate successful business relationships and protect the interests of WTW ensuring the best information and cyber security terms and conditions in contracts and agreements.
▪ Interpret and explain contract terms.

Requirements:

• 1 - 3 years of experience in information security, risk, and compliance
• Knowledge and understanding of security and Information Technology concepts. Experience working as part of a business support function such as risk, compliance or information security in a large enterprise.
• Knowledge of security standards, frameworks, regulation, and legislation
• Experience of working in an analytical role, with an ability to interpret data, prepare reports and undertake business support activities.
• Risk assessment & Security Audits
• Contractual law/procurement practices for information security clauses
• Security and Privacy regulations

Degree in Business, Information technology, Security, or a related field.

The Application Process

• Stage 1: Online application review

• Stage 2: Live video or in-person interview (round 1)

   

• Stage 3: Live video or in-person interview (round 2)

• Stage 4: Offer & onboarding

   

   

   

  We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidatehelpdesk@wtwco.com.