Senior Security Solutions Expert

Information Security team aims at protecting WTW, our colleagues and our client’s confidential information by assuring its handled securely. This role would be a part of the Cyber Offense pillar. ICS Cyber Offense team provides security consultancy & advisory, vulnerability management, penetration testing, and red teaming services for WTW technology and projects.

The Role 

As the Senior Security Solutions Expert within the Information and Cyber Security group, you will be responsible for managing and providing technical security solutions and supporting architecture advisory services to WTW’s Line of Business teams globally. You will define and prototype security mechanisms and contribute to create cloud patterns aligning with security practices, policies defined by the organization.

In this position, you will be responsible to develop, review, and provide recommendations for new and existing security architecture designs. You will need to partner with enterprise architects, security consultants, system owners etc. to incorporate security architecture into the broader enterprise framework. The Senior Security Solutions Expert would work to develop an integrated view of the security controls in place throughout the organization using a repeatable approach, cohesive framework, and alignment with industry standards and best practices.

This is a great opportunity to work in a global role, supporting the breadth of the organization. We are looking for an individual with strong technical skills who is organized, thorough and has the desire to work in a challenging environment. 

•    Develop and implement comprehensive security architectures, frameworks, and strategies to protect our organization's information assets, both on-prem and in public cloud. 
•    Support the development of reference architectures, blueprints, patterns, etc.
•    Ensure that IS and cyber security architecture/designs, plans, controls, processes, standards, policies, and procedures are aligned with IS standards and overall IS and cyber security.
•    Design, engineer, and implement security solutions that align to a defense-in-depth strategy while also meeting business requirements and processes.
•    Collaborate with ICS Leadership team on security roadmap and strategic initiatives.
•    Collaborate with peers across the ICS portfolio to manage dependencies, priorities, integrations and change impacts on people, processes and/or technology.
•    Partner with technical teams (Architects, Cyber Offense, Cyber Defense, Security Operations, etc.) to assist in creating solutions that balance business requirements with information and cybersecurity requirements in alignment with company's standards and risk appetite.
•    Work closely with the Security Consultants on technology projects to review and analyze solution designs and provide inputs on the same. 
•    Responsible for understanding group priorities and help with the achievement of priorities within established timelines.
•    Have the ability to step in and pick up the workload and see it through to completion.
•    Bring powerful analysis to issue and have a roving eye for detail and use an intelligent mix of logic and intuition in decision making and judgement.
•    Build and expand internal relationships with key groups and stakeholders, creating efficiencies for any dependencies.
•    Help in the creation of process documents, guides and procedures, appropriate tools, templates, that will help create efficiencies and improve the Cyber Offense function.

The Requirements 

•    Experience using architecture methodologies.
•    Experience in defining security architecture across cloud platforms (Preferably Azure).
•    A track record in designing architecture blueprints and managing information security risks, driving forward development.
•    Strong network engineering and server architecture awareness.
•    Strong understanding of network security technologies, included and not limited to:
-    Reviewing firewall rules 
-    Reviewing Security Architecture best practices
-    Knowledge of Cloud network implementation including Network Security Groups
-    Reviewing network security diagrams to advice on any improvements to security posture.
•    Experience in designing, implementing Secure Development frameworks.
•    Knowledge of several information security related technologies such as SIEM, APT, DLP, VA, PKI, IDAM, PIM, MDM, etc.
•    Knowledge of current threats and evolving attack vectors.
•    Experience in Azure application security architecture and deployments.
•    Strong foundation across Microsoft Azure technology stack.
•    Standardizing Azure Security best practices, processes, and procedures.
•    Experience in consulting (preferred).
•    Ability to prioritize multiple requests and clearly communicate the priorities to the team and management.
•    Stays abreast of emerging trends, regulatory changes, and evolving threats in the security and compliance landscape, advising the organization on potential impacts and necessary actions.
•    Be able to identify and resolve conflicts and identify items that need senior management attention.
•    Effectively handles difficult requests, builds trusting, long-term relationships with Internal stakeholders and manage client/business expectations.
•    Ability to communicate effectively with all business levels internally and externally.
•    Capable of communicating security-related concepts to a broad range of technical and non-technical individuals as well as understanding new technologies quickly.
•    Ability to manage projects working with a diverse group of individuals across multiple geographies.
•    Familiarity with ISO 27001, NIST, and other guidelines on information security controls.
•    Certifications in one of more of the following is a plus: Certified Information Systems Security, Professional (CISSP), Certified Cloud Security Professional (CCSP) or Certified Information Security Manager (CISM).
•    Hold certifications, such as TOGAF or SABSA.
•    A relevant Microsoft security certification (e.g. Microsoft Security Architect Expert) would be a plus
 

Equal Opportunity Employer

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.