Information Security Consultancy Assessor

 WTW (NASDAQ: WTW) is in the business of people, risk and capital. With roots dating to 1828, our company has over 45,000 colleagues serving more than 140 countries and markets. Our values – client focus, teamwork, integrity, respect and excellence – underlie all that we do, including how we behave and interact with each other. They are part of our WTW DNA. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets, and ideas — the dynamic formula that drives business performance. Together, we unlock potential. We are located on the internet at wtwco.com

 About The Team:

The Information Security Assurance team aims at protecting WTW, our colleagues, and our client’s confidential information by ensuring it is handled securely. This is achieved by assessing assets and third parties for security compliance and assuring client legal obligations with control owners globally.

Key Responsibilities:

Security Consultancy / Project Risk Assessments

The role involves engaging on projects outside of the Information Security Programme, working with global security teams, and supporting risk management processes:

▪ Engage on projects and programs outside of the Information Security Programme.
▪ Engage with different global information security teams while working on projects.
▪ Keep abreast with latest industry trends, current attack techniques, threat intelligence.
▪ Recommend improvements towards the maturity of the process.
▪ Recommend improvements for control effectiveness.
▪ Develop and maintain project risk management knowledge documentation.
▪ Support and maintain corporate project risk management mailbox.
▪ Support and maintain corporate global project risk management tracker.
▪ Analyze reports to identify potential issues related to data and propose solutions.
▪ Work with limited supervision to develop and implement regular improvements in project risk assessments process.
▪ Performs other related duties as assigned.
▪ Delivering assigned elements of the security program.
▪ Supporting new security tool implementation.
▪ Conduct review of security requirements for projects.
▪ Be single point of contact for projects and work activity on connected workforce approach.
▪ Agree appropriate security controls for projects and assist business teams in the implementation phase.
▪ Produce risk statements of the compliance of projects against applicable controls and give approval advice for solutions to go live.
▪ Check security requirements evidence if necessary.
▪ Connect with different information security teams as per requirement of the projects.

IS Enquiries and Guidance / Information Security Advisory:

This involves supporting business requirements, advisory requests, and providing guidance on information security concerns:

▪ Supporting business requirements by responding to enquiries which come via information security mailbox or Service Now tool.
▪ Working independently on advisory requests to provide advisory services to queries raised by the business.
▪ Ensure tracking and timely closure of requests, enquiries within agreed SLAs.
▪ Liaise with different subject matter experts and accordingly provide solutions, suggestions, or guidance on information security concerns/questions.
▪ Undertaking such other tasks and responsibilities as assigned by the CISO.

Third Party Information Security Contract Review:

This includes reviewing, negotiating, and standardizing contractual clauses to ensure compliance with information and cyber security requirements:

▪ Review and negotiate terms and conditions of contractual clauses as they pertain to information and cyber security.
▪ Draft contractual agreements and revise existing contracts.
▪ Drive standardization of information security contractual clauses with the suppliers based on services they provide.
▪ Support supplier information security risk management processes in relation to contractual agreement.
▪ Participate in contract negotiation of information security clauses.
▪ Provide advice and clarification on contract terms and conditions to key stakeholders including information and cyber security teams, procurement, legal, compliance, WTW supplier risk management.
▪ Maintain and update standard contractual documentation as they pertain to information security.
▪ Resolve any contract-related issues that arise.
▪ Coordinate with relevant departments to ensure information and cyber security contractual obligations are met.
▪ Facilitate successful business relationships and protect the interests of WTW ensuring the best information and cyber security terms and conditions in contracts and agreements.
▪ Interpret and explain contract terms

• Degree in Business, Information technology, Security, or a related field

• 7+ years of experience in information security, risk, or compliance role

  We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidatehelpdesk@wtwco.com.