Energy Jobs Direct

Head of Security Client Assurance - FTC

Summary of Role

Initial fixed term contract for 12 months with possibility to extend or convert to permanent employee.

As Head of Client Assurance for Information and Cyber Security you will be working across Willis Towers Watson providing a range of information security assurance activities covering:

  • Answering information security queries from clients, supporting our business and related security areas
  • Managing overall lifecycle of client assurance and its component parts
  • Ensuring RFP processes enable the team to track that clients adhere to WTW standards for access controls to WTW systems and applications
  • Maintaining overall processes for client support across in scope security capabilities
  • Running regular sessions with team to quality review progress against in scope key capabilities
  • Embedding and monitoring comprehensive view of security control gaps, associated risks and potential exposures
  • Running deep dive sessions with the business in support of security areas that could risk client loss of business
  • Managing escalations of client security related activities for acceptance and/or decisions
  • Owning and running white glove client activity, ensuring quality review and support, preventing client escalation and risk
  • Creating consistent and accurate data reporting to identify trends and emerging risks across segments and corporate functions
  • Providing appropriate reporting against WTW operational and security KPIs and proposing actions where gaps are identified
  • Development of strong relationships with key influencers across business, technology and key clients
  • Creating partnerships with outsourced functions, ensuring appropriate engagement where there is an impact on clients' security service
  • Recommending updates to the third party standards and controls with the target of being first in class secure
  • Working in partnership with function counterparts, sharing appropriate information across assurance supporting key outcomes for internal customers, clients and connected third parties
  • Developing strong relationship with other ICS counterparts that are key influencers in providing assurance that new applications or infrastructure are appropriately secure
  • Supporting the identification and development of change activities and programs to be planned to close security gaps
  • Managing any regulatory, audit and other mandatory requirements supporting the success of winning and retaining client business

This role resides in our Information & Cyber Security team within Corporate IT, reporting to the Assurance Director, Information Security.

The Role

You will be responsible at a day to day level for:

  • Supporting information security infrastructure improvements
  • Performing due diligence on important and strategic client work with segments
  • Supporting due diligence on escalations of third parties that impact clients
  • Providing client contract advice
  • Undertaking audits and performance evaluations of clients
  • Supporting client queries related to information security
  • Providing support to WTW business segments during tenders for new business where good information security is seen by the client as critical
  • Evolving the services to reflect the rapidly changing technologies and customer delivery channels being deployed and to meet the evolving demands of the diverse business areas being serviced
  • Providing risk based assurance advice on all information security issues to the business, project and new product teams throughout WTW

  • Managing a team of security specialists who:
      • Attend client audits, providing review and appropriate presentations and giving confidence that data is handled securely
      • Respond to client questionnaires using a consistent approach via the knowledge base and continuous updates to the knowledge base
      • Provide client contracting guidance on security matters and related clauses and provide contract advice during client reviews
      • Support segments with client RFPs, providing confidence on security matters and providing responses
      • Provide WTW security presentations to clients in RFPs
      • Provide ad-hoc reports to clients (SOC, HIPAA, Pen Test, other)
      • Work with technology teams to provide assurance that new applications or infrastructure for clients are appropriately secure
      • Measure WTW control gaps against client expectations and security policies
      • Log WTW control gaps, risks and potential exposures
      • Log client contract gaps aligned to access management of clients where they have access to WTW systems and apps periodically against critical and sensitive applications and systems
  • Leading an offshore team who:
      • Monitor and manage intakes, workflow and capacity
      • Carry out the initial triage to determine the level of security input required
      • Enable a connected workforce when allocating work to assurance security consultants
      • Support and input to operational and volume reporting
  • Working in partnership with:
      • Security Third Party Assurance
      • Security Consultancy and Project Assurance
      • Security assurance performance management and metrics
      • Wider security functions as necessary to achieve appropriate outcomes
      • Critical interfaces across the business and technology that allow the team to be successful

The Requirements

  • You will have a passion for your work, a strong desire to learn and a real interest in information security – with an understanding of the positive impacts it can make to a business.
  • Ability to assess security and business risks, analysing and presenting critical risks and potential remediation activities to all levels of management within the business.
  • Experience of working within internal or external audit, either within a previous organisation or as part of a professional services firm is desirable.
  • Experience managing a team of security, assurance, and/or compliance professionals.
  • An ability to work across multiple business segments and contexts, and to understand that different teams will require different engagement approaches will be helpful.
  • Effective communication and stakeholder management skills are a core requirement for this role.
  • Degree in a relevant Business or Information Technology area (desirable).
  • An Information Security specific qualification (such as CISM, CISSP, MInstISP) is desirable.

Equal Opportunity Employer
