Job Description

Description

---------------



The Role



This role will support Governance, Risk and Compliance responsibilities within WTW and includes activities such as;


Provide oversight and input to IAM processes undertaken across WTW including access recertification, privileged access, JML, policies/standards and risk process ensuring alignment with the internal Information and Cyber Security framework. Assist the IAM Leads in developing the Identity Control Framework by continually researching new technologies, processes and practices contributing to the long-term Identity strategy within WTW. Manage key audit requests from both internal and external auditors to provide regulatory evidence to support SOX, SOC2, HIPPA etc. Perform as a subject matter expert within IAM covering all aspects of the Identity Security Support solution development through problem solving to ensure adherence to Security Controls, Policies and Standards with a focus on automation and control. Derive themes from identified gaps and recommend appropriate remediation measures to mitigate risk associated with gaps. Work closely with senior leadership to identify improvement opportunities to enhance existing controls. Manage the end-to-end audit lifecycle and Own Management Action Plans Govern IAM documentation: design, maintain, and continuously improve policies, SOPs, and compliance dashboards.

Qualifications

------------------



The Requirement:



Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO etc)


Knowledge and understanding of Regulatory Risk and Compliance policies and programs Experience of Cloud technology and Identity solutions and practices Ability to work as part of a team Knowledge of IAM controls and how to implement them effectively such as; toxic combinations, segregation of duties, lead privileged and zero trust Ability to deliver change through people Excellent Communication skills, especially written English Strong Stakeholder management and ability to influence business and IT leadership. The ability to foster and grow relationships. Knowledge of SOx/SOC2 requirements for Privileged Access Monitoring and Access Governance Controls. * Experience of working in a live operational environment with an understanding of the impact of policy adherence is desirable.