Head of Information security 3rd party risk management and assessments

When you join us, you make the decision to be a part of a leading global people, risk and capital company. We offer a rewarding and challenging environment. You will work with interesting people on exciting assignments. And there is always something new to learn. Working at WTW has its rewards. Not only do we get to collaborate with talented colleagues and work with great clients, we are offered competitive total rewards programs that align with our values. Some of our benefits & perks:
- Hybrid working
- Competitive rewards
- Work life balance
- Industry leading healthcare
- Savings and investments
- Educational resources
- Maternity and paternity leaves
- Opportunity to network and connect
- Corporate discounts on products and services
- Generous time off

• Leading the function in support of 3rd party information security risk management and assessments
• Managing the full lifecycle of third-party assessments and meeting mandatory requirements across standards
• Leading the implementation of capability to enable understanding of external information security posture for key suppliers in correlation of services we consume 
• Leading information security 3rd party risk management processes in alignment to established practices
• Maintain overall assessment process and improvements
• Manage team of 3rd party information security assessors; run regular sessions with your team to quality review third parties security risk and ensure appropriate processes followed to gain remediation plans
• Ensure full review of security gaps, risk and potential exposures are identified
• Manage escalations of third parties risk for acceptance and/ or decisions
• Create consistent and accurate data reporting to identify trends and emerging risks across third parties and business segments
• Develop strong relationships with key influencers across business, technology and third parties
• Drive recommendation for updates to the third party standard and controls 
• Support development of change activities and programs to be planned to close security gaps
• Manage any regulatory, audit and other mandatory requirements pertaining to supplier information security

Degree in a relevant Business or Information Technology area

Third Party information security risk managementAdvanceITGC ControlsAdvanceContract reviewsIntermediateSupplier information security assessment AdvanceIS Governance and ComplianceAdvance  Information Security specific qualification (such as CISM, CISSP)Advance Security and Privacy regulationsAdvanceSecurity Operations – TechnicalIntermediateSOC2 reports and other security assessment report reviewsIntermediate