Technology and Cyber Security Controls Testing and Assurance Lead
Job Description
Job title: Technology and Cyber Security Controls Testing and Assurance Lead
Company: Willis Towers Watson
Job description: We are looking for an experienced Technology and Cyber Security Controls Testing and Assurance Lead as part of our 1st LoD Information and Cyber Security function, who will be responsible for testing all relevant controls across all WTW global technology functions.
This is an exciting opportunity to help build and develop sustainable capability and mechanisms to proactively test all relevant controls that will ensure WTW continues to effectively manage exposure to technology and cyber security threats. A large part of the role will be building effective relationships with the business and enterprise technology function as well as cyber security teams and other key stakeholders.
Reporting to the Global Head of Cyber Governance, Risk and Controls, you will be key to defining and influencing the prioritization of execution of the enterprise-wide Technology and Cyber controls assurance program and ongoing continuous improvements. You will also lead the Technology and Cyber controls assurance team.
The role location is within the UK.
The Role
- Provision of leadership and subject matter expertise to drive adequate technology and information and cyber security controls and assurance
- Deliver tailored and specific expertise across technology and cyber risk enabling 1LoD to successfully deploy and operate mitigating key controls
- Develop and embed the assurance approach for technology (including information and cyber security)
- Leading the development and implementation of a risk-based assurance plan to monitor key controls
- Supporting the delivery of the next GRC tool rollout phase to enable attestation of control operation.
- Driving the embedding of the control framework for technology and information and cyber security, and monitoring its effectiveness and adherence to it, ensuring that technology and security controls are effectively and proportionately monitored and managed
- Leading the assurance team, supporting their knowledge set and driving continuous skill learning and personal development of the team members
- Responsible for recommending control improvements/new controls to address known issues/identified gaps.
- You will provide expertise to all relevant stakeholders in embedding relevant controls and mechanisms
- Support the relevant functions and teams to ensure technology control owners have a clear understanding of the effectiveness of the current control environment
- Working with other GRC functions to support effective risk remediation and timely responses to regulatory requests for information
- You will act as a key point of contact in relation to all regulatory requests for information in providing control assurance related data
- Developing and maintaining key stakeholder relationships across the technology and information and cyber security function as well as relevant stakeholders outside of the immediate organization
- Responsible for reporting control assurance related management information in alignment with governance processes for technology and information and cyber security
The Requirements
Skills:
- Subject Matter expertise – have a deep knowledge of Technology and Information and Cyber Security controls to be recognised as a trusted adviser
- Experience and understanding of risk and controls management
- Knowledge and understanding of Information Security Frameworks and standards (NIST, ISO, etc.)
- Initiative and proactivity – take effective and informed decisions using own initiative and based upon a sound understanding of the business issues and challenges of the business
- Self-starter with ability to add value as part of the team as well as an individual contributor
- Communication – Clear and appropriate communication for employees at all levels with the ability to discuss technical subjects with both technical and non-technical audiences. Ability to articulate and pitch resilience risk advice
- Planning and organising – develop clear, efficient and logical approaches to tackle issues and problems in a logical, step-by-step way. Ability to effectively collaborate, and work independently in a fast-paced environment
- Experience working within a regulated environment such as the financial services sector
- Experience in roles related to cyber response strategies.
Qualifications:
- Educated to degree level or equivalent
- Hold professional qualifications in a related subject, for example CRISC, CISSP, CISM, CISA
- Extensive experience in an information security role, specifically in a Risk, Governance, Controls, or Audit role, preferably leading a team, supported by a strong IT/Cyber Security understanding.
- Experience of working within a global financial institution
Behaviors:
- Resourcefulness and organizational agility
- Team player with good interpersonal and influencing skills
- Conflict management resolution (options and impact analysis)
- Customer focused with integrity and able to establish trust with stakeholders
- Personal learning & development
Equal Opportunity Employer
At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.
Expected salary:
Location: London
Job date: Fri, 05 Jan 2024 23:25:48 GMT