Control Resilience Assessor

**Position**:
**Control Resiliency Assessor**:
**Business Unit**:
Technology

**Job Family**:
Business Support

**Location**:
Mumbai

**Reporting to**:
Manager - Control Resiliency Team

**Job Level**:
**Job Summary**:
Willis Towers Watson has building their Information & Cyber Security (ICS) capabilities to cater to growing Information Security, Risk and Assurance needs of their business, clients and regulatory requirements. These capabilities cater to different verticals such as Strategy Governance, Risk & Compliance, Cyber Defence and Operations, ICS Architecture, Security Assurance. Mumbai is being developed as Security - Center of Excellence and is responsible as well accountable for the delivery of the services provided by the ICS function globally.

Control Resilience team is a part of Global Strategy Governance, Risk & Compliance vertical. Current role will support the delivery of projects related control testing in the areas of Information & Cyber Security, Technology, Infrastructure etc. Conducting design adequacy and operating effectiveness testing of on-prem and cloud controls associated with different audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001, CCPA, NYDFS etc. with proven extensive knowledge in IT Auditing & Audit analytics. Providing appropriate recommendations on improvement of IT controls and processes.

You will work closely with Business, IT and Internal stakeholders to support the delivery of Control Resiliency assignments. Most importantly, you must be an effective communicator (both verbally and in writing) and a supportive team player, taking a consultative rather than confrontational approach whilst maintaining the integrity and independence and ensuring effective management of security risk.

**Principal Accountabilities**:
Manager or manager of people (to include number of reports) or individual contributor:

- Individual contributor

Geographic scope of role:

- Global

Budgetary and risk management responsibilities:

- N/A

Revenue responsibilities:

- N/A

Others:

- N/A

**Principal Duties/Responsibilities**:
Business As Usual
- Perform controls (On-prem & Cloud) including assessment of,
- Control design Adequacy
- Control Operating effectiveness
- Appropriate Recommendations to Control Owners
- Demonstrable knowledge on different audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001 etc
- Establishing and operating processes and procedures for control testing
- Reporting and tracking on prem and cloud control gaps as well as ineffective or inadequate controls
- Coordination and tracking remediation activities being performed by control owners
- Taking initiatives and contributing to improvement of the Global Control & Compliance team activities
- Identify opportunities and recommendation to improve the design and implementation of controls
- Support control owners in the design and maintenance of controls and documentation
- Undertaking such other tasks and responsibilities as assigned by Manager
- Keep yourself up-to date with latest IS related regulation and standards

**Communications and Relationships**:
Internal:

- Other members of GRC & ICS teams
- IT Control Owners and teams
- Service Owners and Service Managers
- Other IT teams
- Project managers and teams

External:
n/a

**Competencies**:

- Global Business Knowledge
- Cross-Cultural Resourcefulness
- Cross-Cultural Agility
- Assignment Hardiness
- Cross-Cultural Sensitivity
- Humility
- Conflict Management
- Organizational Agility
- Customer Focus
- Integrity and Trust
- Personal Learning
- Self-Starter
- Problem Solving

**Required Qualifications, Skills, Knowledge, Experience**:
Qualifications:

- Information security qualifications (e.g. CISA, CISM, CISSP) are preferable.
- Interested in developing skills and knowledge of IT Risk Management, and willing to work towards appropriate professional qualifications, such as CISA
- Formal training in security, risk management or compliance is beneficial.
- Whilst this is not a hands-on technical role, the role holder will be expected to demonstrate a strong awareness of technology and how IT is used to enable business processes.

**Skills**:

- Proven Auditing competency
- Strong IT and analytical skills
- Proactive rather than reactive
- Team player with good interpersonal skills
- Ability to work under pressure to tight timelines
- Organised and methodical
- Willing to challenge and desire to learn
- Good communication skills, both orally and in writing

Knowledge/Experience:
Essential
- Knowledge and understanding of IT Auditing and IT Risk concepts
- Knowledge and understanding of ERPs, Active Directory, SIEM, Identity Access Management, Privileged Access Management tools
- Experience of working in an analytical role, with an ability to interpret data, prepare reports and undertake business support activities.
- Experience working as part of a business support function such as Risk, Compliance or Information security in a large enterprise.

Beneficial
-