Summary of Role
Initial fixed-term contract for 12 months, with the possibility to extend or convert to permanent employment.
As Head of Client Assurance for Information and Cyber Security you will be working across Willis Towers Watson providing a range of information security assurance activities covering:
Answering information security queries from clients, supporting our business and related security areas
Managing overall lifecycle of client assurance and its component parts
Ensuring RFP processes enable the team to track that clients adhere to WTW standards for access controls to WTW systems and applications
Maintaining overall processes for client support across in scope security capabilities
Running regular sessions with team to quality review progress against in scope key capabilities
Embedding and monitoring comprehensive view of security control gaps, associated risks and potential exposures
Running deep dive sessions with the business in support of security areas that could risk client loss of business
Managing escalations of client security related activities for acceptance and/or decisions
Owning and running white glove client activity, ensuring quality review and support, preventing client escalation and risk
Creating consistent and accurate data reporting to identify trends and emerging risks across segments and corporate functions
Providing appropriate reporting against WTW operational and security KPIs and proposing actions where gaps are identified
Development of strong relationships with key influencers across business, technology and key clients
Creating partnerships with outsource functions, ensuring appropriate engagement where there is an impact on clients' security service
Recommending updates to the third party standards and controls with the target of being first in class secure
Working in partnership with function counterparts, sharing appropriate information across assurance supporting key outcomes for internal customers, clients and connected third parties
Developing strong relationships with other ICS counterparts that are key influencers in providing assurance that new applications or infrastructure are appropriately secure
Supporting the identification and development of change activities and programs to be planned to close security gaps
Managing any regulatory, audit and other mandatory requirements supporting the success of winning and retaining client business
This role resides in our Information & Cyber Security team within Corporate IT, reporting to the Assurance Director, Information Security.
You will be responsible at a day to day level for:
Supporting information security infrastructure improvements
Performing due diligence on important and strategic client work with segments
Supporting due diligence on escalations of third parties that impact clients
Providing client contract advice
Undertaking audits and performance evaluations of clients
Supporting client queries related to information security
Providing support to WTW business segments during tenders for new business where good information security is seen by the client as critical
Evolving the services to reflect the rapidly changing technologies and customer delivery channels being deployed and to meet the evolving demands of the diverse business areas being serviced
Providing risk based assurance advice on all information security issues to the business, project and new product teams throughout WTW
Attend client audits, providing review and appropriate presentations and giving confidence that data is handled securely
Respond to client questionnaires using a consistent approach via the knowledge base and continuous updates to the knowledge base
Provide client contracting guidance on security matters and related clauses, and provide contract advice during client reviews
Support segments with client RFPs, providing confidence on security matters and providing responses
Provision of WTW security presentations to clients in RFPs
Provision of ad-hoc reports to clients (SOC, HIPAA, Pen Test, other)
Work with technology teams to provide assurance that new applications or infrastructure for clients are appropriately secure
Measure WTW control gaps against client expectations and security policies
Log WTW control gaps, risks and potential exposures
Log client contract gaps aligned to access management of clients where they have access to WTW systems and apps periodically against critical and sensitive applications and systems
Managing a team of security specialists who:
Leading an offshore team who:
Monitor and manage intakes, workflow and capacity
Carry out the initial triage to determine the level of security input required
Enable a connected workforce when allocating work to assurance security consultants
Support and input to operational and volume reporting
Working in partnership with:
Security Third Party Assurance
Security Consultancy and Project Assurance
Security assurance performance management and metrics
Wider security functions as necessary to achieve appropriate outcomes
Critical interfaces across the business and technology that allow the team to be successful
You will have a passion for your work, a strong desire to learn and a real interest in information security, with an understanding of the positive impacts it can make to a business.
Ability to assess security and business risks, analysing and presenting critical risks and potential remediation activities to all levels of management within the business.
Experience of working within internal or external audit, either within a previous organisation or as part of a professional services firm is desirable.
Experience managing a team of security, assurance, and/or compliance professionals.
An ability to work across multiple business segments and contexts, and to understand that different teams will require different engagement approaches will be helpful.
Effective communication and stakeholder management skills are a core requirement for this role.
Degree in a relevant Business or Information Technology area (desirable).
An Information Security specific qualification (such as CISM, CISSP, MInstISP) is desirable.
Equal Opportunity Employer