Head of Third Party Security - FTC

Willis Towers Watson,
Reigate, Surrey
Job Type: Full-time

Overview

Summary of Role

As Head of Third Party Assurance for Information and Cyber Security you will be working across Willis Towers Watson providing a range of information security assurance activities covering:

- Undertaking information security reviews for our third parties who handle our data and manage related areas
- Managing the full lifecycle of third party assessments and meeting mandatory requirements across standards
- Maintaining the overall assessment process and improvements
- Running regular sessions with your team to quality review third parties' security risk and ensure appropriate processes are followed to gain remediation plans
- Ensuring a full review of security gaps, risks and potential exposures is carried out and they are identified
- Managing escalations of third party risk for acceptance and/or decisions
- Running deep dive assessments for our most risky third parties who handle our data, and the associated escalations
- Creating consistent and accurate data reporting to identify trends and emerging risks across third parties and business segments
- Developing strong relationships with key influencers across business, technology and third parties
- Creating partnerships with outsource functions that result in the reduction of risks associated with third parties, whether a service provided or an acquisition of a JV and associated assets
- Recommending updates to the third party standards and controls with the target of being first in class secure
- Working in partnership with function counterparts, sharing appropriate information across assurance, supporting key outcomes for internal customers, third parties and clients
- Developing strong relationships with other ICS counterparts who are key influencers in providing assurance that new applications or infrastructure are appropriately secure
- Supporting the development of change activities and programs to be planned to close security gaps
- Managing any regulatory, audit and other mandatory requirements supporting the success of the third party team

This role resides in our Information & Cyber Security team within Corporate IT, reporting to the Director of Assurance, Information and Cyber Security. We are open to candidates located in the United Kingdom. The normal working base location will be Reigate or Ipswich with occasional visits to London. This will be a 12 month fixed term contract.

The Role

You will be responsible at a day to day level for:

- Supporting information security infrastructure improvements
- Performing due diligence on important and strategic suppliers/third parties during RFI/Ps
- Performing due diligence on escalations of third parties
- Providing contract advice during new supplier onboarding
- Undertaking audits and performance evaluations of suppliers
- Supporting client queries related to information security
- Providing support to WTW business segments during tenders for new business where good information security is seen by the client as critical
- Evolving the services to reflect the rapidly changing technologies and customer delivery channels being deployed, and to meet the evolving demands of the diverse business areas being serviced
- Providing risk based assurance advice on all information security issues to the business, project and new product teams throughout WTW
- Leading a team of security specialists who:
  - Carry out security assessments across all third parties that hold confidential data; this includes suppliers, acquisitions, joint ventures and correspondent brokers
  - Assure all third parties are able to evidence they are in line with WTW security standards and, where there are gaps, evidence a remediation plan that shows the gaps that will be closed and by when
    - Preliminary assessment (self certified review)
    - High level assessment (HLIAT – driving inherent risk)
    - Full security assessment (FSSA – driving residual risk)
  - Log key security gaps of third parties, the associated risk and potential exposures
  - Work with outsource functions or service owners and advise on security gaps identified, supporting the third party in developing remediation plans
  - Schedule re-assessments and monitor the lifecycle of third parties
  - Where decisions have been made to stop doing business with a third party, ensure off-boarding and separation of business is handled in line with the standards
- Leading an offshore team who:
  - Monitor and manage intakes, workflow and capacity
  - Carry out the initial triage to determine the level of security input required
  - Enable a connected workforce when allocating work to assurance security consultants