Third Party Security Assessor

Willis Towers Watson,
Reigate, Surrey
Job Type: Full-time

Overview

Summary of Role

As Third Party Security Assessor for Information and Cyber Security you will be working across Willis Towers Watson providing a range of information security assurance activities covering:

- Undertaking information security reviews for our third parties who handle our data, and managing related areas:
  - Preliminary assessment (self-certified review)
  - High level assessment (HLIAT, driving inherent risk)
  - Full security assessment (FSSA, driving residual risk)
  - Lifecycle maintenance
  - Off-boarding third parties and separating business securely

This role resides in our Information & Cyber Security team within Corporate IT, reporting to the Head of Third Party Assurance, Information and Cyber Security. We are open to candidates located in the United Kingdom. The normal working base location will be Reigate or Ipswich, with occasional visits to London.

The Role

You will be responsible at a day-to-day level for:

- Carrying out security assessments across all third parties that hold confidential data; this includes suppliers, acquisitions, joint ventures and correspondent brokers
- Assuring that all third parties are able to evidence that they are in line with WTW security standards and, where there are gaps, evidence a remediation plan showing which gaps will be closed and by when:
  - Preliminary assessment (self-certified review)
  - High level assessment (HLIAT, driving inherent risk)
  - Full security assessment (FSSA, driving residual risk)
- Logging key security gaps of third parties, the associated risk and potential exposures
- Working with outsource functions or service owners, advising on the security gaps identified and supporting the third party in developing remediation plans
- Scheduling re-assessments and monitoring the lifecycle of third parties
- Where decisions have been made to stop doing business with a third party, ensuring off-boarding and separation of business are handled in line with the standards
- Using the full lifecycle of the third party assessments framework and process set out
- Raising escalations of third party risk to line management for acceptance and/or decisions
- Ensuring data capture is consistent and accurate, allowing appropriate data reporting to identify trends and emerging risks across third parties and business segments
- Being aware of, and developing relationships with, key influencers across business, technology and third parties
- Creating partnerships with outsource functions that result in the reduction of risks associated with third parties, whether a service provided or an acquisition or JV and associated assets
- Working in partnership with function counterparts, sharing appropriate information across assurance to support key outcomes for internal customers, third parties and clients
- Developing strong relationships with other ICS counterparts who are key influencers in providing assurance that new applications or infrastructure are appropriately secure
- Contributing to completion of regulatory, audit and other mandatory requirements, supporting the success of the third party team

Working in partnership with:

- Security Client Assurance
- Security Consultancy and Project Assurance
- Security Assurance Performance Management and Metrics
- Wider security functions as necessary to achieve appropriate outcomes
- Critical interfaces across the business and technology that allow the team to be successful

The Requirements

- An information security specific qualification is desirable (such as CISM, CISSP, MInstISP).
- You will have a passion for your work, a strong desire to learn and a strong interest in information security, with an understanding of the positive impacts it can make to a business.
- Ability to assess security and business risks, analysing and presenting critical risks and potential remediation activities to all levels of management within the business.
- Experience of working within internal or external audit, either within a previous organisation or as part of a professional services firm, is desirable.
- Experience managing a team of security, assurance and/or compliance professionals.
- An ability to work across multiple business segments and contexts, and to understand that different teams will require different engagement approaches, will be helpful.
- Effective communication and stakeholder management skills are a core requirement for this role.
- A degree in a relevant Business or Information Technology area is desirable.

Equal Opportunity Employer