This job has ended. Find similar jobs.

Risk Management Executive - Cyber Risk

Posted 27 April by Willis Towers Watson Ended


Working as part of the WTW GB Risk Management team, you will provide direct support in the identification, analysis and evaluation of the cyber and information security threats that exist across a range of clients operating in different industry sectors. In addition, you will also provide advice and guidance on risk mitigation, recommendations on controls and strategic direction where appropriate in order to support our clients.

The Role

  • Assist or lead in the analysis of information risks either at a system, platform or organisational level, (including risk identification, assessment and analysis), consideration of suitable risk mitigation strategies, and assessment and evaluation of client compliance with control requirements
  • Work in tandem with clients, Account Directors and other key stakeholders to interpret the impact of the threats identified and assist in the understanding of information risk exposures
  • Provide guidance and support to clients in the development and implementation of risk management controls, including guidance on both technical and non-technical security controls
  • Identify solutions based on client need for the continuous improvement in risk and information security to enable them to achieve 'risk excellence in governance and compliance
  • Leading and supporting risk management colleagues and account teams in the development of cyber risk registers and associated cyber risk profiles
  • Identifying, analysing and evaluating exposures and compliance with a client’s IT Security framework, data handling and storage processes, and information security infrastructure
  • Evaluating IT Governance & Compliance services at an operational, tactical and global level
  • Providing support on policies / standards management and any related exceptions management processes, and providing support for the implementation and interpretation of new standards
  • Reviewing the suitability of existing cyber risk control measures in place including systems, tools or processes in use and providing advice and guidance on any proposed controls or industry best practiceThe Requirements
  • Degree level or similar qualification in computer science or information security-related field or equivalent e.g. CISSP, CISM and ISO 27001 Lead Implementer’
  • Professional experience including IT audit, IT risk management, IT security, information governance, operational policies and/or similar compliance functions
  • A good understanding of IT systems security in a mainframe and client server environment, including related IT Security Architectures and experience with security assessments
  • Detailed knowledge of current trends and developments in information security
  • Subject matter expertise in information security risk management, governance and/or compliance
  • Ability to take a holistic view of information security issues and make risk judgements across the relevant scope
  • Strong understanding of business and technical information security concepts and controls
  • Experience in writing or updating information assurance operating policies and compliance guidelines
  • Ability to articulate security advice directly to key stakeholders, including up to CIO or IT Director level with clients
  • Delivery of security assessments and audits and proven knowledge of control frameworks such as CobiT, ISF, ISO 27001, IT SOX, ISF, PCI DSS, etc.
  • Engaging with a client’s information security, compliance, risk, e-commerce, insurance, applications, database, etc. teams to provide perspective on compliance posture and risk exposures
  • Experience of working in a corporate environment with complex clients
  • Practical knowledge and application of risk management techniques and tools including software programmes desirable
  • Able to work on own initiative and have good organisational skills
  • Good understanding of cyber insurance products highly desirable
  • Relevant experience of managing stakeholders at senior level and actively engaging with remote business units
  • High level of attention to detail
  • Ability to communicate effectively both internally and externally at all levels
  • Solid experience gained in a corporate strategic environment

The Company

Willis Towers Watson is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas - the dynamic formula that drives business performance. Together, we unlock potential. Learn more at Towers Watson is an equal opportunity employer Willis Towers Watson believes that effectively managing a diverse workforce is vital to our business strategy. We have an obligation to our organization, ourselves and our clients to hire and develop the best people we can find. We will continually review our policies and practices to ensure that all areas of the employment process (including recruiting, hiring, work assignments, compensation, benefits, promotions, transfers, company-sponsored development programs and overall workplace experience) are free from discriminatory practices. We are committed to equal employment opportunities at Willis Towers Watson.Unsolicited Contact: Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization....

Reference: 34994800

Bank or payment details should not be provided when applying for a job. is not responsible for any external website content. All applications should be made via the 'Apply now' button.

Report this job