Information Security Consultancy Assessor

Security Consultancy / Project Risk Assessments

• Engage on projects and programs outside of the Information Security Programme.
• Engage with different global information security teams while working on projects.
• Keep abreast with latest industry trends, current attack techniques, threat intelligence.
• Recommend improvements towards the maturity of the process.
• Recommend improvements for IS control effectiveness.
• Develop and maintain project risk management knowledge documentation.
• Support and maintain corporate project risk management mailbox. 
• Support and maintain corporate global project risk management tracker.
• Analyze reports to identify potential issues related to data and propose solutions.
• Work with limited supervision to develop and implement regular improvements in project risk assessments process. 
• Performs other related duties as assigned. 
• Delivering assigned elements of the security program.
• Supporting new security tool implementation.
• Conduct review of security requirements for projects.
• Be single point of contact for projects and work activity on connected workforce approach. 
• Agree appropriate security controls for projects and assist business teams in the implementation phase.
• Produce risk statements of the compliance of projects against applicable controls and give approval advice for solutions to go live.
• Check security requirements evidence if necessary. 
• Connect with different information security teams as per requirement of the projects. 

 

IS Enquires and Guidance / Information Security Advisory

• Supporting business requirements by responding to enquiries which come via information security mailbox or Service Now tool. 
• Working independently on advisory requests to provide advisory services to queries raised by the business.
• Ensure tracking and timely closure of requests, enquiries within agreed SLAs.
• Liaise with different subject matter experts and accordingly provide solutions/suggestions/guidance on the Information security concerns/questions.
• Undertaking such other tasks and responsibilities as assigned by the CISO

 

Third Party Information Security Contract Review

• Review and negotiate terms and conditions of contractual clauses as they pertain to information and cyber security
• Draft contractual agreements and revise existing contracts.
• Drive standardization of information security contractual clauses with the suppliers based on services they provide
• Support supplier information security risk management processes in relation to contractual agreement 
• Participate in contract negotiation of information security clauses
• Provide advice and clarification on contract terms and conditions to key stakeholders including information and cyber security teams, procurement, legal, compliance, WTW supplier risk management 
• Maintain and update standard contractual documentation as they pertain to information security 
• Resolve any contract-related issues that arise.
• Coordinate with relevant departments to ensure information and cyber security contractual obligations are met.
• Facilitate successful business relationships and protect the interests of WTW ensuring the best information and cyber security terms and conditions in contracts and agreements.
• Interpret and explain contract terms and conditions to relevant stakeholders.

Qualified to degree level, preferably in a business, IT or security related subject7+ Years