WTW - Third Party Assurance Assessor Role

Third Party Assurance Assessor Role

Job Summary : As ICS Third Party Assurance Assessor, you will be working with WTW's Lines of Business teams and Third Parties to assess the Information Security posture of our Third Parties, and the controls established within the Third Party's environment to protect the confidentiality and integrity of data provided to them as part of a partnership/engagement.

Need to have - Technical Skills

- Third Party risk management

- ITGC Controls

- Contract reviews

- Security Audits

- IS Governance and Compliance

- Information Security specific qualification (such as CISM, CISSP)

- Security and Privacy regulations

- Security Operations - Technical

- SOC2 reports and other security assessment report reviews

Responsibilities & Duties :

- Leading and coordinating the completion of Third-party assessment requests against WTW best practice and global standards and controls.

- Provide contract advice during third-party engagements

- Participate in Third Party contract reviews providing inputs for negotiating Information security clauses.

- Scheduling periodical re-assessment in line with standards and controls

- Agree scheduled checkpoints with the Third Party and WTW Service Owner on evidencing remediations and maintaining central repository, these are tracked through to closure.

- Providing comprehensive reporting across operational and security KPIs related to Third Party assurance activities and identifying gaps, risks and therefore mitigating actions and raise appropriate escalations for decision with Head of ICS Third Party Supplier Assurance.

- Providing risk-based assurance advice on all information security issues.

- Provide key information to leadership as input for prioritizing the future strategy for the organization

- Coordinate with the CISO Office and the Internal Audit function in order to coordinate the execution of internal and external audits and manage the delivery of the required remediation activities in a timely manner.

- Assisting and collaborating with Internal teams on Third Party security incidents investigation and response

- Assist in developing and continuously improve third party risk management frameworks and processes to help ensure that the information security controls outlined in the policies and standards are effectively applied by third party providers