Information and Cyber Security Consultant - FTC

Willis Towers Watson,
Reading, Berkshire

Overview

Job Description

**Summary of Role**

Initial fixed term contract for 12 months with possibility to extend or convert to permanent employee.

As Information and Cyber Security consultant you will be working across Willis Towers Watson (WTW) providing a range of information security assurance activities covering:

+ Advisory into information security queries from clients, supporting client audits and providing support to the business for tenders for new business
+ Undertaking information security reviews for our most risky third parties who handle our data and advising of the security control gaps, the associated risks and potential/likely exposures, which informs our business and suppliers of appropriate remediation actions to treat risks
+ Working with technology teams to provide assurance that new applications or infrastructure are appropriately secure
+ Contributing to the entitlement review process to ensure that access to application data continues to be appropriate
+ Reviewing firewall change controls to reduce or remove the chance of introducing new security and compliance issues with each change.

This role resides in our Information & Cyber Security team within Corporate IT, reporting to the ICS Consultancy and Advisory Manager. We are open to candidates located in the United Kingdom. The normal working base location will be Ipswich with regular visits to London or (Reading) Theale.

**The Role**

You will be responsible at a day to day level for:

+ Working with a team of security professionals who each manage multiple security initiatives, assessments and actions supporting our business, to:
  + Support information security infrastructure improvements
  + Act as a security technical design authority for projects
  + Perform due diligence on suppliers/third parties during RFI/Ps
  + Provide contract advice during new supplier onboarding
  + Undertake audits and performance evaluations of suppliers
  + Provide advisory service supporting client queries related to information security
  + Input to the clients auditing WTW for information security
  + Provide support to WTW business segments during tenders for new business where good information security is seen by the client as critical
  + Input to the user entitlement review process to ensure that managers periodically review and approve the access that their teams have to critical and sensitive applications
  + Input to the periodical check reviews on firewall change controls, ensuring appropriate rigour is applied to assess that the areas advised across activities have been considered and evidenced, and that no new security and compliance issues are introduced
  + Support the evolving services to reflect the rapidly changing technologies and customer delivery channels being deployed and to meet the evolving demands of the diverse business areas being serviced
+ Providing risk based assurance advice on all information security issues to the business, project and new product teams throughout WTW.

**The Requirements**

The successful candidate will:

+ Understand the key security controls required across financial services and insurance industries
+ Understand change frameworks and be used to delivering on time and to quality
+ Act as a global security advocate, in keeping our colleagues, our clients and our data secure
+ Understand the human factor in driving change and be able to articulate the importance of security advice and potential exposures if not taken onboard
+ Be able to think bigger picture across assurance processes and the various security aspects to consider when assessing a problem and plan accordingly
+ Define approaches during times of change and ambiguity
+ Effective communication and stakeholder management skills are a core requirement for this role
+ Have experience in security risk, vulnerability assessment and cloud
+ Ability to assess security and business risks, analysing and presenting critical risks and potential remediation activities to all levels of management within the business
+ Experience of working within internal or external audit, either within a previous organisation or as part of a professional services firm, is desirable
+ Experience of working in a team of security, assurance, and/or compliance professionals
+ An ability to work across multiple business segments and contexts, and to understand that different teams will require different engagement approaches, will be helpful
+ Information Security specific qualification is desirable (such as CISM, CISSP, MInstISP).

**Equal opportunity employer**