DESCRIPTION

As the Information Security Associate within the Business Security Operations (BusSecOps) team, you will be responsible for implementing and maintaining information & cyber security practices across WTW.
Candidate would be required to gain a high-level of knowledge and understanding of critical technology applications and security standards. You will need to take a leadership role in building security testing framework for web-based applications which includes Threat Profiling, DAST, SAST, Security Architecture, and Penetration testing. In this role, you are expected to understand the organization’s information & cyber security strategy and standards while working collaboratively with technology teams to implement and maintain sound security practices.
This role resides in our Information & Cyber Security (ICS) team within Corporate IT.

THE REQUIREMENTS

• 5+ years of experience in Information Security.
• Degree in a relevant Information Technology area preferably with a focus on information security
• Significant experience in managing and patching vulnerabilities across a host of assets
• Expert understanding of all aspects of information security principles, policy and its application in business and technology areas
• Understanding of core cloud security principles
• Knowledge and experience on supporting information security audits
• Client focus: ability to engage positively with WTW clients and business stakeholders.
• Information Security specific certification is desirable (such as CISM, CISSP, CISA, CEH)
  WTW is an Equal Opportuntiy Employe

• Build and maintain effective relationship with technology teams and ICS stakeholders
• Foster a culture of information and cyber security best practices though awareness and support
• Stay up to date with the latest application security developments and security trends to continually improve internal processes
• Hold good understanding of Application & Infrastructure testing methodology & support development teams in the remediation of vulnerabilities
• Work with development teams to improve the secure software development lifecycle
• Engage in information security activities to support client/business engagements i.e., incidents, vulnerabilities, development lifecycles, risk management and emerging threats
• Ability to coordinate and execute security testing for applications and cloud environments
• Engage with key stakeholders to support internal and external audit activities to ensure compliance with regulations such as: SOC, FCA, NYDFS, GDPR, HIPAA
• Demonstrate a good understanding of security regulations and data privacy laws
• Support the risk identification & exceptions management process
• Manage and oversee adhoc projects related to maturing information and cyber security controls across the organization