Identity Protection Manager

The Role

This role will support Governance, Risk and Compliance responsibilities within WTW and includes activities such as;

• Provide oversight and input to IAM processes undertaken across WTW including access recertification, privileged access, JML, policies/standards and risk process ensuring alignment with the internal Information and Cyber Security framework.

• Assist the IAM Leads in developing the Identity Control Framework by continually researching new technologies, processes and practices contributing to the long-term Identity strategy within WTW.

• Manage key audit requests from both internal and external auditors to provide regulatory evidence to support SOX, SOC2, HIPPA etc.

• Perform as a subject matter expert within IAM covering all aspects of the Identity Security 

• Support solution development through problem solving to ensure adherence to Security Controls, Policies and Standards with a focus on automation and control.

• Derive themes from identified gaps and recommend appropriate remediation measures to mitigate risk associated with gaps.

• Work closely with senior leadership to identify improvement opportunities to enhance existing controls.

• Manage the end-to-end audit lifecycle and Own Management Action Plans

• Govern IAM documentation: design, maintain, and continuously improve policies, SOPs, and compliance dashboards.

The Requirement:

Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO etc)

• Knowledge and understanding of Regulatory Risk and Compliance policies and programs

• Experience of Cloud technology and Identity solutions and practices

• Ability to work as part of a team 

• Knowledge of IAM controls and how to implement them effectively such as; toxic combinations, segregation of duties, lead privileged and zero trust

• Ability to deliver change through people

• Excellent Communication skills, especially written English

• Strong Stakeholder management and ability to influence business and IT leadership.

• The ability to foster and grow relationships.

• Knowledge of SOx/SOC2 requirements for Privileged Access Monitoring and Access Governance Controls.

• Experience of working in a live operational environment with an understanding of the impact of policy adherence is desirable.