Information Security Manager
Company: WTW
Location: Potomac
Posted on: August 3, 2022
Job Description:
WTW is looking for an Information Security Manager. The candidate will be responsible for collaborating with all relevant departments across Benefits Delivery and Administration (BDA) teams. He or she should have the ability to analyze compliance and control initiatives and to engage other team members in process improvement projects. The individual must possess advisory/business acumen and be able to proficiently assess security risk while considering operational needs and adherence to regulatory requirements while working collaboratively with the business and technology teams.

The manager will work closely with our Corporate Client Assurance team to assist with documentation requests that support vendor, internal, and third-party questionnaires. They will need to take a support and contributor role in areas such as, but not limited to, client engagements, policies and standards, information security audits and assessments (i.e., NYDFS, ISO 27001, SOC 1 and 2, HIPAA, GDPR), risk assessments, data loss prevention, vulnerability management, secure coding practices, cloud security standards (i.e., Azure, AWS, Google Cloud, Oracle Cloud), information security training and awareness, metrics/reporting and incident management.

The manager may also be actively involved in regulatory reviews including HIPAA, EDE, SOC I & II. The candidate will work with BDA Management to support and communicate security awareness and risks. This position is also responsible for improving internal controls and driving change within the organization, along with leading a team of analysts. The manager will work closely with the Information Security Analysts, Legal, and various technology and compliance members across the organization.

Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.

**The Role**

Key responsibilities:

+ Provide input into business strategy to ensure that information & cyber security is included as part of business change and security portfolio to meet segment needs.
+ Build and maintain effective relationships with Business, Technology and Information & Cyber Security stakeholders.
+ Act as a point of contact for co-ordination, remediation activities and onward escalation of operational risks and issues affecting the business (e.g., Cyber incidents, vulnerabilities, penetration testing, application security, DAST, SAST, etc.).
+ Provide oversight of any business-based information security controls and provide assurance that those controls are operating effectively to local management.
+ Engage with internal resources to maintain controls on an on-going basis throughout the year.
+ Assess and present risk to the business when evaluating internal security exceptions.
+ Participate as subject matter expert for business applications security questionnaires.
+ Assist and respond to routine support requests from the business and clients related to security, risk, privacy and internal audit.
+ Assist in the client contracting process, providing support to legal resources, sales leaders, and line of business leaders in negotiating line of business information security, privacy and other requirements within contracts, and service agreements.
+ Carry out annual segment self-assessment and flag security gaps to relevant stakeholders.
+ Assess compliance with information security strategies when migrating applications into a cloud environment. Work with development and internal IT teams to ensure compliance with WTW security standards.
+ Manage and oversee ad hoc projects related to enhancing information and cyber security controls for business to meet compliance.

**The Requirements**

+ Degree in a relevant Information Technology area, preferably with a focus on information security.
+ Information Security specific certification is desirable (such as CISM, CISSP, CISA).
+ Expert understanding of all aspects of information security principles, policy and its application in business and technology areas (at least 3-4 years of experience).
+ Understanding of core cloud security principles.
+ Knowledge of risk assessment methodologies and techniques and controls assurance techniques.
+ Client focus: ability to engage positively with WTW clients and business stakeholders.
+ Knowledge and experience in supporting information security audits.
+ You will have a passion for your work, a strong desire to learn and a real love of information security - with an understanding of the positive impacts it can make to a business.
+ An ability to work across multiple lines of business and contexts, and to understand that different teams will require different engagement approaches.
+ Effective communication and stakeholder management skills are a core requirement for this role.

**_WTW may be subject to mandatory employment-related COVID-19 vaccination requirements. Therefore, to the extent any such mandates apply, you may be required to certify and provide documentation of full vaccination against COVID-19 if you are hired in the U.S. If you accept an offer from WTW and are subject to a mandate but are unable or unwilling to be vaccinated because of medical reasons or sincerely-held religious beliefs, you may request a medical or religious accommodation. If you require an accommodation, the Company will evaluate your request and work with you to identify reasonable alternatives to vaccination, if available._**

EEO, including disability/vets (https://cdn-static.findly.com/wp-content/uploads/sites/1862/2022/02/08093340/EEO-Policies-for-WTW-Careers-site-2022-2.pdf)
Keywords: WTW, Potomac, Information Security Manager, Executive, Potomac, Maryland