Willis Towers Watson Information Security Analyst, Supplier Risk Management in Philadelphia, Pennsylvania

Information Security Analyst, Supplier Risk Management

Date Posted: April 19, 2018


Not ready to Apply? at https://willistowerswatson.avature.net/WTWTalentNetwork


The Role

The Information Security Analyst within our Supplier Risk Management team will work closely with Willis Towers Watson’s Lines of Business teams and Suppliers to assess the Information Security posture of our suppliers, and the controls established within the supplier’s environment to protect the confidentiality and integrity of data provided to them as part of a partnership/engagement. In this position, the Information Security Analyst will be responsible for leading and coordinating the completion of requests assigned, utilizing the different tools and resources to complete the supplier due diligence process. The Information Security Analyst will identify trends, follow up with supplier and internal stakeholders on the status of the remediation plan for any gaps identified as part of the assessment, and provide key information to leadership as input for prioritizing the future strategy for the organization. This is a great opportunity to work in a global role, supporting the breadth of the organization. We are looking for an individual with strong customer-oriented skills who is organized, thorough and has the desire to work in a challenging environment. Information security background, certifications and experience are a plus.

  • Responsible for conducting information security assessments on Willis Towers Watson’s suppliers, determining their information security posture and identifying any risk/exposure associated with partnering with a supplier

  • Analyze supplier security controls against Willis Towers Watson policies, standards and industry best practice guidelines (ISO, NIST)

  • Create assessment reports and summaries to document supplier controls, including any remediation plans discussed, and subsequently follow up with the supplier for status updates on the agreed remediation plan and timelines

  • Work with internal stakeholders to get approval on assessment report and escalate to risk exception team, as necessary

  • Support a global function within Willis Towers Watson’s Information Security Group

  • Responsible for working and collaborating with internal Lines of Businesses, Suppliers, and our external partners

  • Facilitate completion of supplier security assessments; manage requests, follow up on remediation status related to identified gaps and manage internal mailbox

  • Work with internal subject matter experts to understand controls in the area of IT, Infrastructure, Supplier Risk Management, Cyber Defense, and Application Security and use that information to understand a supplier’s controls / gaps

  • Help senior team members with contract negotiations, assessments and reporting to leadership

  • Identify areas of process improvements in the support model and implement process enhancements

  • Create process documents, guides and procedures

  • Track audit findings and commitments by aligning them to Willis Towers Watson’s key control areas

  • Create metrics to report current status on assessments, help identify information security trends that will determine future priorities and strategies     

The Requirements

  • Demonstrated ability to prioritize multiple requests

  • Ability to communicate effectively with all business levels internally and externally

  • Capable of communicating security-related concepts to a broad range of technical and non-technical individuals as well as understanding new technologies quickly

  • Proficient in Microsoft Office suite of applications

  • Ability to manage projects working with a diverse group of individuals across multiple geographies

  • Customer focus with ability to follow up with subject matter experts within constraints to meet deadlines for deliverables

  • Familiarity with ISF SoGP, ISO 27001, NIST, and other guidelines on information security controls

  • Certifications in one or more of the following are a plus, but not required: Certified Information Security Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

  • This position will report directly to the Global Manager of Supplier Risk Assessment.

The Company

Willis Towers Watson is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas – the dynamic formula that drives business performance. Together, we unlock potential. Learn more at willistowerswatson.com.

Willis Towers Watson is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, age, status as a protected veteran, or disability.

Equal Employment Opportunity: Know your rights. at http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf

Unsolicited Contact: Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson. Willis Towers Watson is an equal opportunity employer.



  • Location: Philadelphia, PA, US