Security Risk Assessor - Reigate, United Kingdom - Willis Towers Watson

Willis Towers Watson

Verified Company

Reigate, United Kingdom

4 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Security Risk Assessor

Reigate, GB

May 12, 2023

We are looking for a Cyber Risk Assurer to support the Technology division of the Insurance Consultancy and Technology (ICT) business unit in managing cyber security risk, particularly in its expanding SaaS portfolio.

You will support the business in completing security questionnaires sent by Clients and prospective clients and by working with software delivery teams to identify, quantify and manage cyber security risk

As a cyber risk assurer, you will:

Work with development teams to identify cyber security risks, agree management of those risks and proactively monitor risks and agreed remediations;
Respond to client security questionnaires and RFPs promptly, consistently and accurately;
Develop, support and maintain the knowledge database of products within the RFP tool, Loopio;
Support audit compliance work, particularly with the identification, gathering and maintenance of evidence libraries for client audits and international standards audits
Support the development and running of Security Working Groups, including tracking activity and liaising with software delivery teams;
Development and production of management information and monthly reports;

The essential skills / experience for this position are:

Experience of working in a similar cyber security role within Governance, Risk and Compliance;
Strong familiarity with responding to cyber security questionnaires and RFPs, and with using and maintaining tools to facilitate this process;
Good understanding of cyber security concepts, controls and cyber risk management;
Broad understanding of international security standards, such as SOC2, ISO27001, and of related legislation and regulation, such as GDPR;
Good analytic thinking, written and oral skills;
A genuine interest in cyber security, and a desire to learn more;
A desire to work closely and cooperatively with software developers, platform managers, operations teams and all those critical to the development and running of desktop and SaaS products

Desirable skills / experience for this position are:

Experience of working in DevSecOps environments
Experience of working in the Cloud environment with Cloud controls
Experience of being part of a team of security, assurance, and/or compliance professionals
Information Security specific qualifications (such as CISM, CISSP, CISA)
Degree in a relevant Business or Information Technology area
Experience of working within internal or external audit, either within a previous organisation or as part of a professional services firm is desirable

(ICT_TECH SD_2023_05)