WTW is looking for an Information Security Manager. The candidate will be responsible for collaborating with all relevant departments across Benefits Delivery and Administration (BDA) teams. He or she should have the ability to analyze compliance and control initiatives and to engage other team members in process improvement projects. The individual must possess advisory/business acumen and be able to proficiently assess security risk while considering operational needs and adherence to regulatory requirements, working collaboratively with the business and technology teams.
The manager will work closely with our Corporate Client Assurance team to assist with documentation requests that support vendor, internal, and third-party questionnaires. They will need to take a support and contributor role in areas such as, but not limited to, client engagements, policies and standards, information security audits and assessments (e.g., NYDFS, ISO 27001, SOC 1 and 2, HIPAA, GDPR), risk assessments, data loss prevention, vulnerability management, secure coding practices, cloud security standards (e.g., Azure, AWS, Google Cloud, Oracle Cloud), information security training and awareness, metrics/reporting and incident management.
The manager may also be actively involved in regulatory reviews including HIPAA, EDE, SOC I & II. The candidate will work with BDA Management to support and communicate security awareness and risks. This position is also responsible for improving internal controls and driving change within the organization, along with leading a team of analysts. The manager will work closely with the Information Security Analysts, Legal, and various technology and compliance members across the organization.
Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.
The Role
- Provide input into business strategy to ensure that information & cyber security is included as part of business change and security portfolio to meet segment needs.
- Build and maintain effective relationships with Business, Technology and Information & Cyber Security stakeholders.
- Act as a point of contact for co-ordination, remediation activities and onward escalation of operational risks and issues affecting the business (e.g., cyber incidents, vulnerabilities, penetration testing, application security, DAST/SAST, etc.).
- Provide oversight of any business-based information security controls and provide assurance that those controls are operating effectively to local management.
- Engage with internal resources to maintain controls on an on-going basis throughout the year.
- Assess and present risk to the business when evaluating internal security exceptions.
- Participate as subject matter expert of business applications security questionnaires.
- Assist and respond to routine support requests from the business and clients related to security, risk, privacy and internal audit.
- Assist in the client contracting process, providing support to legal resources, sales leaders, and line of business leaders in negotiating line of business information security, privacy and other requirements within contracts, and service agreements.
- Carry out annual segment self-assessment and flag security gaps to relevant stakeholders.
- Assess compliance with information security strategies when migrating applications into a cloud environment. Work with development and internal IT teams to ensure compliance to WTW security standards.
- Manage and oversee ad hoc projects related to enhancing information and cyber security controls for the business to meet compliance.
WTW may be subject to mandatory employment-related COVID-19 vaccination requirements. Therefore, to the extent any such mandates apply, you may be required to certify and provide documentation of full vaccination against COVID-19 if you are hired in the U.S. If you accept an offer from WTW and are subject to a mandate but are unable or unwilling to be vaccinated because of medical reasons or sincerely-held religious beliefs, you may request a medical or religious accommodation. If you require an accommodation, the Company will evaluate your request and work with you to identify reasonable alternatives to vaccination, if available.
- Degree in a relevant Information Technology area preferably with a focus on information security.
- Information Security specific certification is desirable (such as CISM, CISSP, CISA).
- Expert understanding of all aspects of information security principles, policy and its application in business and technology areas (at least 3-4 years of experience).
- Understanding of core cloud security principles.
- Knowledge of risk assessment methodologies and techniques, and of controls assurance techniques.
- Client focus: ability to engage positively with WTW clients and business stakeholders.
- Knowledge of and experience in supporting information security audits.
- You will have a passion for your work, a strong desire to learn and a real love of information security with an understanding of the positive impacts it can make to a business.
- An ability to work across multiple lines of business and contexts, and to understand that different teams will require different engagement approaches.
- Effective communication and stakeholder management skills are a core requirement for this role.
EEO, including disability/vets