Third Party Risk Assurance

aJob Title

Third Party Assurance Analyst, Information and Cyber Security

Segment

Corporate

Line of Business

Corporate IT

Geography

International

Country

Mumbai

WTW Career Level

63

Function

Technology

Shift Timing

1.30pm - 10.30pm IST

**Summary of Role
As Information and Cyber Security Third Party Assurance Analyst you will be working with Willis Towers Watson's Lines of Business teams and Third Parties to assess the Information Security posture of our Third Parties, and the controls established within the Third Party’s environment to protect the confidentiality and integrity of data provided to them as part of a partnership/engagement.

This role resides in our Information & Cyber Security team within Corporate IT. Task allocation and reporting to the Head of ICS Third Party Assurance and for people management aspects will report to the Mumbai team leader allocated. The normal working base location will be Mumbai.


**The Role**

You will be responsible at a day to day level for:

- Leading and coordinating the completion of Third-party assessment requests against WTW best practice and global standards and controls.
- Utilizing the different tools and resources to complete the Third-Party due diligence process.
- Participate in Third Party contract reviews providing inputs tor negotiating Information security clauses.
- Agrees scheduled checkpoints with the Third Party and WTW Service Owner on evidencing remediations and maintaining central repository, these are tracked through to closure.
- Scheduling periodical re-assessment in line with standards and controls
- Providing comprehensive reporting across operational and security KPIs where Third party related and identifying gaps, risks and therefore mitigating actions and raise appropriate escalations for decision with Head ICS Supplier Assurance.
- Provide key information to leadership as input for prioritizing the future strategy for the organization
- Proposing operational improvements and services.
- Providing risk-based assurance advice on all information security issues.

**The Requirements**
- Degree in a relevant Business or Information Technology area.
- Information Security specific qualification is desirable (such as CISM, CISSP)
- You will have a passion for your work, a strong desire to learn and a real love of information security - with an understanding of the positive impacts it can make to a business.
- Ability to assess security and business risks, analysing and presenting critical risks and potential remediation activities to all levels of management within the business.
- Experience of working within internal or external audit, either within a previous organisation or as part of a professional services firm is desirable.
- Experience managing a team of security, assurance, and/or compliance professionals.
- An ability to work across multiple business segments and contexts, and to understand that different teams will require different engagement approaches will be helpful.
- Effective communication and stakeholder management skills are a core requirement for this role.
- 3 to 5 years of experience / background in information security, information security auditor, IT audits and/or previous roles as a business information security officer is a plus.
- Demonstrated ability to prioritize multiple requests.

**The Company**

**Willis Towers Watson is an equal opportunity employer**

Willis Towers Watson believes that effectively managing a diverse workforce is vital to our business strategy. We have an obligation to our organization, ourselves and our clients to hire and develop the best people we can find. We will continually review our policies and practices to ensure that all areas of the employment process (including recruiting, hiring, work assignments, compensation, benefits, promotions, transfers, company-sponsored development programs and overall workplace experience) are free from discriminatory practices. We are committed to equal employment opportunities at Willis Towers Watson.