Information Security Consultancy Assessor

Experience in Information Security or related roles and a demonstrable interest in security, compliance, and risk management, you will support the CISO and Information Security Officers in undertaking a range of activities as part of the global Information Security team.

An understanding of information security best practices and experience in a relevant security role (operations, assurance, risk management or technical) would be beneficial, as would any familiarity third party security oversight / assurance, or IT principles and techniques appropriate to large enterprises such as IT service delivery, development, networks and systems, data centre operations; cloud services; networking, software development processes, or change management. 

Most importantly, you must be an effective communicator (both verbally and in writing) and a supportive team player, taking a consultative rather than confrontational approach whilst maintaining the integrity and independence of the Information Security function and ensuring effective management of security risk.

Specifically, this role is required to provide security advice and guidance to projects and change within WTW to ensure that business and technology solutions are secure.

Security Consultancy / Project Risk Assessments

• Engage on projects and programs outside of the Information Security Programme.

• Engage with different global information security teams while working on projects.

• Keep abreast with latest industry trends, current attack techniques, threat intelligence.

• Recommend improvements towards the maturity of the process.

• Recommend improvements for IS control effectiveness.

• Develop and maintain project risk management knowledge documentation.

• Support and maintain corporate project risk management mailbox. 

• Support and maintain corporate global project risk management tracker.

• Analyze reports to identify potential issues related to data and propose solutions.

• Work with limited supervision to develop and implement regular improvements in project risk assessments process. 

• Performs other related duties as assigned. 

• Delivering assigned elements of the security program.

• Supporting new security tool implementation.

• Conduct review of security requirements for projects.

• Be single point of contact for projects and work activity on connected workforce approach. 

• Agree appropriate security controls for projects and assist business teams in the implementation phase.

• Produce risk statements of the compliance of projects against applicable controls and give approval advice for solutions to go live.

• Check security requirements evidence if necessary. 

• Connect with different information security teams as per requirement of the projects. 

IS Enquires and Guidance / Information Security Advisory

• Supporting business requirements by responding to enquiries which come via information security mailbox or Service Now tool. 

• Working independently on advisory requests to provide advisory services to queries raised by the business.

• Ensure tracking and timely closure of requests, enquiries within agreed SLAs.

• Liaise with different subject matter experts and accordingly provide solutions/suggestions/guidance on the Information security concerns/questions.

• Undertaking such other tasks and responsibilities as assigned by the CISO

   

  Third Party Information Security Contract Review

• Review and negotiate terms and conditions of contractual clauses as they pertain to information and cyber security

• Draft contractual agreements and revise existing contracts.

• Drive standardization of information security contractual clauses with the suppliers based on services they provide

• Support supplier information security risk management processes in relation to contractual agreement 

• Participate in contract negotiation of information security clauses

• Provide advice and clarification on contract terms and conditions to key stakeholders including information and cyber security teams, procurement, legal, compliance, WTW supplier risk management 

• Maintain and update standard contractual documentation as they pertain to information security 

• Resolve any contract-related issues that arise.

• Coordinate with relevant departments to ensure information and cyber security contractual obligations are met.

• Facilitate successful business relationships and protect the interests of WTW ensuring the best information and cyber security terms and conditions in contracts and agreements.

• Interpret and explain contract terms and conditions to relevant stakeholders.

Direct Span

Skill

Knowledge and understanding of security and IT concepts. Experience working as part of a business support function such as risk, compliance or information security in a large enterprise.

Experience of working in an analytical role, with an ability to interpret data, prepare reports and undertake business support activities.

OWASP top 10, penetration testing techniques.

Knowledge of current and evolving vulnerabilities including prioritization of remediation. 

Engage with the business to explain technical findings and communicate it effectively to them.

Knowledge of current threats and evolving attack vectors.

Knowledge of network security technologies, included and not limited to:

• Reviewing firewall rules 
• Reviewing Security Architecture best practices
• Knowledge of Cloud network implementation including Network Security Groups
• Reviewing network security diagrams to advice on any improvements to security posture.

Broad knowledge of cloud service providers and technologies.

Knowledge and application of Secure Development frameworks.

IT security, service delivery, systems development, or similar experience

Any Graduate Full Time.