Information Security Operational Risk Analyst

Ipswich, ENG, GB, United Kingdom

Job Description

Description


---------------



Secure Partnerships. Strengthen Enterprise Resilience.




WTW's Technology and Cyber Risk, Controls & Regulatory

Engagement function is seeking a skilled

Information Security Operational Risk Analyst

to help manage and oversee

cybersecurity risks related to our third-party vendors.





In this role, you'll serve as the vital link between day-to-day operational security monitoring and strategic risk oversight for third-party relationships. You'll be responsible for

identifying, assessing, and supporting the mitigation of cybersecurity threats

that may arise from

external vendor environments

--contributing directly to the strength and resilience of WTW's overall risk posture.



If you're analytical, detail-oriented, and passionate about protecting organisations from third-party cyber threats, this is your opportunity to make a meaningful impact in a global environment.


The Role





This role will support the ongoing operations of WTW Technology and Cyber Risk and Controls & Regulatory engagement function in:


Monitoring third-party environments for security incidents, suspicious behavior and policy violations. Perform security risk assessments on vendors and service providers based on threat intelligence and business context. Collaborate with procurement, legal and risk teams to onboard vendors with appropriate security controls and risk mitigations strategies Triage and respond to incidents that have the potential to impact business through third party channels Contribute to and improve the risk management framework through incident and operational insights. Maintain metrics and reports on vendor risk exposure and control maturity. Conduct thorough security assessments of suppliers to identify potential risks and vulnerabilities. Collaborate with suppliers to develop and implement risk mitigation plans. Monitor and review supplier compliance with information security requirements. Provide guidance and support to internal teams on supplier risk management practices. Stay up to date with the latest information, security trends, threats, and technologies. Report on supplier risk management activities. Ensure compliance with relevant regulations, standards, and industry best practices.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a "hybrid" style, with a mix of remote, in-person and in office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and "hybrid" is not a one-size-fits-all solution. We understand flexibility is key to supporting an inclusive and diverse workforce and so we encourage requests for all types of flexible working as well as location-based arrangements. Please speak to your recruiter to discuss more.



Qualifications


------------------



The Requirements




Strong experience in technology role with proven experience of supplier risk management (for example, in projects, technical SME areas etc.). Hold professional qualifications in a related subject for example, CRISC, CISSP, CISM, CISA Experience of working within a global financial organization. Knowledge and experience of Governance, Risk and Controls framework and related processes. Familiarity with third party risk management frameworks (NIST, ISO27036, SIG) Experience of implementations using Agile approach and practices. Experience of technology, cyber risk and supplier risk management. Experience and thorough understanding of technology and cyber controls processes. Attention to detail and a pre-emptive approach to identifying and mitigating risks. Ability to assess and manage information security risks effectively Detail-oriented and capable of delivering at a high level of accuracy. Proven ability to prioritize conflicting deadlines and priorities and respond quickly to changing priorities. Able to interpret & present data and information in the appropriate format for different audiences. Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO etc.) Ability to translate technical security findings into business risk impacts Proven experience in cybersecurity preferably in SOC or threat response team. Ability to work as part of a team or solo. Excellent Communication skills, especially written English Strong stakeholder management The ability to foster and grow relationships, constructive challenges and negotiation skills. Experience of working in a live operational environment with an understanding of the impact of policy adherence is desirable.

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.



We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.



You don't need to have an account in ATS to apply for the jobs. Once you click apply, get started right away by simply using your email. Your profile will be created and kept up to date automatically as you enter details for each of your job applications.

Beware of fraud agents! do not pay money to get a job

MNCJobs.co.uk will not be responsible for any payment made to a third-party. All Terms of Use are applicable.


Related Jobs

Job Detail

  • Job Id
    JD3500793
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Ipswich, ENG, GB, United Kingdom
  • Education
    Not mentioned