Willis Towers Watson Director of Cyber Security in London, United Kingdom

Director of Cyber Security

Date Posted: March 20, 2018


Not ready to Apply? at https://willistowerswatson.avature.net/WTWTalentNetwork


The Role

As part of the Information Security and IT Risk senior management team, you will lead the operations, management and rapid improvement of our global Cyber Defense Center to address evolving threats, monitor our network and data, and respond to incidents. You will lead the CDC and Application Security teams and work with business leaders, IT leaders, clients and partners to build an effective security capability including people, processes and new technologies to protect critical data and technology assets from advanced threats.

With exceptional technical knowledge, calm approach under pressure, and a genuine passion for security, you will also be an exceptional communicator, explaining out cyber defense posture and approach to clients, boards, regulators and committees.

  • You will deputize for the Chief Information Security Officer as required.

  • Manage the operational activities of the Cyber Defense Center & Incident Response teams and drive continuous improvement.

  • Ensure that logging and monitoring of network, application, system and business logs and data is appropriate, sufficient and effective to identify

  • Ensure effective threat awareness, and liaise with external bodies to maintain visibility of external threats and events what may impact Willis Towers Watson

  • Ensure that events are identified, triaged, assessed, escalated and resolved and root causes determined and addressed, following a risk based approach

  • Plan, design implement and execute regular incident readiness and response testing (red team / blue team, etc) involving IT, business partners and executive management.

  • Implement and deliver effective independent testing including external penetration testing and application security testing

  • Work across multiple functions to embed effective security controls and testing in the development lifecycle and technology change processes

  • Define and maintain effective global operational processes, policies and procedures ensuring that legal, regulatory and client requirements are met at all times

  • Identify and collate MI, and report to the CISO and business leaders on our cyber defense posture

  • Provide effective and response support to the global business, clients and partners

  • Share ownership of the overall strategy for Information Security & IT Risk

  • Identify, prioritize and lead delivery of cyber security change projects and improvements

  • Work closely with business leaders and other IT departments (notably IT Architecture, IT Operations) to ensure the effective design and operation of both business and technical controls.

  • Develop and implement proactive testing plans and lead the response to security incidents.

  • Effective management, development and support for the global team.

The Requirements

  • Leadership experience in Information Security, Security Operations or a closely related function, in a regulated enterprise environment or the large public sector organization

  • Experience of managing and developing a team of technical specialists, delivering control improvements, driving forward change and implementing strategic change projects.

  • Comprehensive understanding of security threats, risks and countermeasures and ability to apply in a practical context

  • Hands-on operational security experience combined with an ability to identify, design, architect and implement future state business and technology controls

  • Exceptional relationship management skills and an ability to communicate effectively at all levels of the organization

  • Strong team player with good interpersonal and influencing skills, and both business and technical credibility

  • Calm, organized and methodical with excellent analytical and problem solving skills.

  • Agile and responsive approach to meeting business, security and technology objectives and delivering continuous improvement.

  • Understanding of application security including dynamic testing, static code analysis, application penetration testing

  • Technical understanding including TVM, DLP, SIEM, perimeter security, content filtering, packet flows, IPS/IDS, etc.

  • Hold and maintain appropriate technical security and technology qualifications, such as OSCP, CEH. Likely to have degree in Computer Science and/or vendor qualifications such as CCNA, MCSE. Information security certifications such as CISSP, CRISC, CISM, IISP.

  • Thorough understanding of technical security countermeasures and awareness of external and internal threat landscape.

  • Experience of managing security incidents.

The Company

Willis Towers Watson is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas – the dynamic formula that drives business performance. Together, we unlock potential. Learn more at willistowerswatson.com.

Willis Towers Watson is an equal opportunity employer

Willis Towers Watson believes that effectively managing a diverse workforce is vital to our business strategy. We have an obligation to our organization, ourselves and our clients to hire and develop the best people we can find. We will continually review our policies and practices to ensure that all areas of the employment process (including recruiting, hiring, work assignments, compensation, benefits, promotions, transfers, company-sponsored development programs and overall workplace experience) are free from discriminatory practices. We are committed to equal employment opportunities at Willis Towers Watson.

Unsolicited Contact: Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson. Willis Towers Watson is an equal opportunity employer.


Not ready to Apply? at https://willistowerswatson.avature.net/WTWTalentNetwork


  • Share on Facebook

  • Share on Twitter

  • Share on Google+ Share on Pinterest

  • Share on Linkedin

  • Share by Mail


  • Location:London, England, GB

  • Date Posted:March 20, 2018