Job Description

Description

---------------

Security Consultancy / Project Risk Assessments

Engage on projects and programs outside of the Information Security Programme. Engage with different global information security teams while working on projects. Keep abreast with latest industry trends, current attack techniques, threat intelligence. Recommend improvements towards the maturity of the process. Recommend improvements for IS control effectiveness. Develop and maintain project risk management knowledge documentation. Support and maintain corporate project risk management mailbox. Support and maintain corporate global project risk management tracker. Analyze reports to identify potential issues related to data and propose solutions. Work with limited supervision to develop and implement regular improvements in project risk assessments process. Performs other related duties as assigned. Delivering assigned elements of the security program. Supporting new security tool implementation. Conduct review of security requirements for projects. Be single point of contact for projects and work activity on connected workforce approach. Agree appropriate security controls for projects and assist business teams in the implementation phase. Produce risk statements of the compliance of projects against applicable controls and give approval advice for solutions to go live. Check security requirements evidence if necessary. Connect with different information security teams as per requirement of the projects.

IS Enquires and Guidance / Information Security Advisory

Supporting business requirements by responding to enquiries which come via information security mailbox or Service Now tool. Working independently on advisory requests to provide advisory services to queries raised by the business. Ensure tracking and timely closure of requests, enquiries within agreed SLAs. Liaise with different subject matter experts and accordingly provide solutions/suggestions/guidance on the Information security concerns/questions. Undertaking such other tasks and responsibilities as assigned by the CISO

Third Party Information Security Contract Review

Review and negotiate terms and conditions of contractual clauses as they pertain to information and cyber security Draft contractual agreements and revise existing contracts. Drive standardization of information security contractual clauses with the suppliers based on services they provide Support supplier information security risk management processes in relation to contractual agreement Participate in contract negotiation of information security clauses Provide advice and clarification on contract terms and conditions to key stakeholders including information and cyber security teams, procurement, legal, compliance, WTW supplier risk management Maintain and update standard contractual documentation as they pertain to information security Resolve any contract-related issues that arise. Coordinate with relevant departments to ensure information and cyber security contractual obligations are met. Facilitate successful business relationships and protect the interests of WTW ensuring the best information and cyber security terms and conditions in contracts and agreements. Interpret and explain contract terms and conditions to relevant stakeholders.

Qualifications

------------------


Qualified to degree level, preferably in a business, IT or security related subject7+ Years