Willis Towers Watson Information Security Global Risk Manager in Ipswich, United Kingdom

Information Security Global Risk Manager

Date Posted: June 12, 2018


Not ready to Apply? at https://willistowerswatson.avature.net/WTWTalentNetwork


Summary of Role

The responsibility of the Information Security Global Risk Manager is to embed a culture of information security (InfoSec) risk management within an organisation.

This involves the development and monitoring of InfoSec risk policies, methodology and tools, in line with best practice, company or group policies and, of course, legal/regulatory requirements. Specifically, the role involves:

  • Advising senior management on the identification of InfoSec risks and escalating options/decisions when appropriate.

  • Training and motivating staff in the use of InfoSec risk management techniques/tools.

  • Engaging and working with compliance and audit professionals.

Willis Towers Watson is transforming its security capabilities with an executive-sponsored, multi-year programme of security improvements. To that end, you will use your experience, knowledge and demonstrable enthusiasm for security to contribute to the delivery and maintenance of Willis Towers Watson Group’s security posture, policies, controls and processes as part of the Information Security project team.

The Role

Daily responsibilities and accountabilities generally revolve around:

  • Perform/coordinate InfoSec risk identification and assessment in business units.

  • Implement a strategic plan to prevent, eliminate and mitigate InfoSec risks.

  • Assist risk management analysts in development of key risk and control indicators.

  • Coordinate with senior management in performing InfoSec risk reviews.

  • Track and monitor InfoSec risk issues for business units/corporate functions.

  • Report InfoSec risk issues and decisions to the CISO on a regular basis.

  • Investigate root causes of InfoSec risks and provide support to operational functions/IT to mitigate risk.

  • Develop strong relationships with key stakeholders and business partners by addressing issues/concerns in a timely manner.

  • Maintain documentation for InfoSec risk management policies and procedures.

  • Keep abreast of latest InfoSec risk management techniques and industry best practices.

Business As Usual (60%)

  • You will be responsible for maintaining and updating the firm’s InfoSec risk governance and control arrangements, taking into account regulatory guidance and developments in corporate governance.

  • The role includes managing the firm’s InfoSec risk across all risk drivers, incorporating the identification, assessment and reporting of risks and maintaining the Group’s InfoSec risk register.

  • You will support the business in the development of risk mitigation and action plans, and monitor progress thereafter. The InfoSec Risk Manager provides assurance to the CISO as to the effectiveness of management processes and management information. In addition, you will be required to:

    - support the development and updating of InfoSec policy and risk appetites;

    - prepare reports for consideration by executive management and Board;

    - support the delivery of projects and initiatives, undertaking detailed risk analysis for new products and amendments to existing services.

Project / Change (40%)

  • Supporting project delivery streams with InfoSec risk management guidance and delivery input. For example, production of InfoSec standards, risk assessment approach tools.

  • Document requirements and business specifications for any risk management systems

  • Review of vendor documentation to ensure fit to business needs.

  • Reporting and escalating issues to the Project Manager, Programme Manager, CISO or business owner as appropriate.

The Requirements



• Demonstrable knowledge and understanding of Information Security Risk and specific experience of:

o writing or reviewing security policies and controls

o standards alignment

o assessing and supporting the implementation of security controls

o identity and access management

o security training & awareness

o data loss prevention programmes

o incident management

o Risk MI & Reporting

• Supporting the delivery of security change programmes

• Experience of working with IT functions

• Experience of working with a high degree of autonomy, managing own workload and delivering to tight timescales.

• Experience of working in a regulated environment, not necessarily insurance or financial services.


• Insurance domain knowledge

• Experience of carrying out a software package selection (including RFI & RFP process)

• Any information security or project management related qualifications are beneficial.






  • Location: Ipswich, England, GB
