Third Party Risk Assessor - 12 month fixed term contract

Willis Towers Watson
31 May 2021
21 Jun 2021
Contract Type: Full Time
Summary of Role
As a Third Party Assessor for Information and Cyber Security you will be working across Willis Towers Watson (WTW) providing a range of information security assurance activities covering:
Undertaking information security reviews for our third parties globally, who handle WTW and our client data, access our network and applications
Follow the full third-party security framework and its associated lifecycle events
Managing the third-party control assessments
Identify security control gaps in line with the WTW framework
Propose security requirements for mitigation or remediation
Highlight cyber risks linking to GRC, SRM and ERM frameworks
Produce final risk reports outlining relevant information and final risk
Ensure any appropriate policy exceptions are raised by the owner, validate that the relevant gaps are covered, and include a remediation plan with clearly defined implementation dates
Agree ongoing fortification and checkpoints with the owner to review evidence and review risk
Keep records and databases updated at all times with the necessary status and checkpoints
Ensure all necessary third-party data classifications, regulations and compliance needs are met and tracked
Use the automated risk assessment tool
In parallel to third-party control assessments, ensure the third-party contract is reviewed and includes security clauses / schedule as appropriate based on service provision
Support Business Service owners with third party contract negotiations
This role resides in our Information & Cyber Security team within Corporate IT, reporting to the Head of Third Party Assurance, Information and Cyber Security. We are open to candidates located in the United Kingdom. The normal working base location will be Reigate or Ipswich with occasional visits to London.
The Role
You will be expected to have strong communication and stakeholder management skills, be highly organised and have a good level of attention to detail.
The role is part of a wider team, so you will be a strong team player and be able to work in partnership with functions across assurance to achieve an end-to-end outcome related to third parties.
It will be of benefit if you have a background in risk assessing applications, software and servers.
You will be working in partnership with:
security client assurance
security consultancy and project assurance (Applications, software, servers)
security assurance performance management and metrics
wider security functions as necessary to achieve appropriate outcomes
critical interfaces across the business and technology that allow the team to be successful
The Requirements
You will have a passion for your work, a strong desire to learn and a real interest in information security, with an understanding of the positive impacts it can make to a business.
Ability to assess security and business risks, analysing and presenting critical risks and potential remediation activities to all levels of management within the business.
Experience of working within internal or external audit, either within a previous organisation or as part of a professional services firm is desirable.
Experience managing a team of security, assurance, and/or compliance professionals.
An ability to work across multiple business segments and contexts, and to understand that different teams will require different engagement approaches will be helpful.
Effective communication and stakeholder management skills are a core requirement for this role.
An Information Security specific qualification is desirable (such as CISM, CISSP, MInstISP).
Equal Opportunity Employer