Information Security Engineer - CISO (6-12 yrs)

Job Summary :

Experience in Information Security or related roles and a demonstrable interest in security, compliance, and risk management, you will support the CISO and Information Security Officers in undertaking a range of activities as part of the global Information Security team.

An understanding of information security best practices and experience in a relevant security role (operations, assurance, risk management or technical) would be beneficial, as would any familiarity third party security oversight / assurance, or IT principles and techniques appropriate to large enterprises such as IT service delivery, development, networks and systems, data centre operations; cloud services; networking, software development processes, or change management.

Most importantly, you must be an effective communicator (both verbally and in writing) and a supportive team player, taking a consultative rather than confrontational approach whilst maintaining the integrity and independence of the Information Security function and ensuring effective management of security risk.

Specifically, this role is required to provide security advice and guidance to projects and change within WTW to ensure that business and technology solutions are secure.

Roles & Responsibilities :

Security Consultancy / Project Risk Assessments :

- Engage on projects and programs outside of the Information Security Programme.

- Engage with different global information security teams while working on projects.

- Keep abreast with latest industry trends, current attack techniques, threat intelligence.

- Recommend improvements towards the maturity of the process.

- Recommend improvements for IS control effectiveness.

- Develop and maintain project risk management knowledge documentation.

- Support and maintain corporate project risk management mailbox.

- Support and maintain corporate global project risk management tracker.

- Analyze reports to identify potential issues related to data and propose solutions.

- Work with limited supervision to develop and implement regular improvements in project risk assessments process.

- Performs other related duties as assigned.

- Delivering assigned elements of security program.

- Supporting new security tool implementation.

- Conduct review of security requirements for projects.

- Be single point of contact for projects and work activity on connected workforce approach.

- Agree appropriate security controls for projects and assist business teams in implementation phase.

- Produce risk statements of the compliance of projects against applicable controls and give approval advice for solutions to go live.

- Check on security requirements evidences if necessary.

- Connect with different information security teams as per requirement of the projects.

- IS Enquires and Guidance / Information Security Advisory

- Supporting business requirements by responding to enquiries which come via information security mailbox or Service Now tool.

- Working independently on advisory requests to provide advisory services to queries raised by the business.

- Ensure tracking and timely closure of requests, enquiries within agreed SLA's.

- Liaise with different subject matter experts and accordingly provide solutions/suggestions/guidance on the Information security concerns/questions.

- Undertaking such other tasks and responsibilities as assigned by the CISO

- Third Party Information Security Contract Review

- Review and negotiate terms and conditions of contractual clauses as they pertain to information and cyber security

- Draft contractual agreements and revise existing contracts.

- Drive standardization of information security contractual clauses with the suppliers based on services they provide

- Support supplier information security risk management processes in relation to contractual -agreement

- Participate in contract negotiation of information security clauses

- Provide advice and clarification on contract terms and conditions to key stakeholders including information and cyber security teams, procurement, legal, compliance, WTW supplier risk management

- Maintain and update standard contractual documentation as they pertain to information -security

- Resolve any contract-related issues that arise.

- Coordinate with relevant departments to ensure information and cyber security contractual obligations are met.

- Facilitate successful business relationships and protecting the interests of WTW ensuring the best information and cyber security terms and conditions in contracts and agreements.

- Interpret and explain contract terms and conditions to relevant stakeholders.