Job Information
WTW Cyber Security & Privacy Risk Assurer in Reigate, United Kingdom
We are looking for a Cyber Security and Privacy Risk Assurer to support the Technology division of the Insurance Consultancy and Technology (ICT) business unit in managing cyber security risk, particularly in its expanding SaaS portfolio. You will support the business by working with software delivery teams and platform teams to identify, quantify and manage privacy and cyber security risk in new products and by providing ongoing privacy and cyber security risk assurance of live products.
As a cyber risk assurer, you will:
Work with development teams to identify and document privacy requirements in new products;
Work with development teams to identify and document information security requirements in new products;
Work with development teams to ensure ongoing privacy and information security assurance through the life of a product;
Work with development teams to support privacy and information security assurance requirements through the sunsetting of a product;
Run Security Working Groups, to govern privacy and information security requirements, including tracking activity and liaising with software delivery teams;
Support the development and maintenance of a knowledge base of security features and provisions within products;
Support the development and production of management information;
Develop and maintain a good working knowledge of the applications developed in ICT and the Azure environment within which they are developed and operated.
Support other information security work as required
The essential skills / experience for this position are:
• Experience of working in a similar cyber security role within Governance, Risk and Compliance;
• Good understanding of cyber security concepts, controls and cyber risk management;
• Good understanding of software applications and networks;
• Broad understanding of international privacy and security requirements and standards, such as GDPR, SOC2 and ISO27001;
• Good analytic thinking, written and oral skills;
• A desire to work closely and co-operatively with software developers, platform managers, operations teams and all those critical to the development and running of desktop and SaaS products
Desirable skills / experience for this position are:
• Experience of working in DevSecOps environments
• Experience of working in the Cloud environment with Cloud controls
• Experience of being part of a team of security, assurance, and/or compliance professionals
• Information Security specific qualifications (such as CISM, CISSP, CISA)
• Degree in a relevant Business or Information Technology area
• Experience of working within internal or external audit, either within a previous organisation or as part of a professional services firm is desirable.
(ICTTECH SD2024_03R)