Regulatory Engagements Tech. and Cyber Lead Manila

This role will directly support the Global Information and Cyber Security (ICS) Group within WTW.  Within this group you will use your skills and experience to support ICS team, delivery of technology and cyber regulatory engagements and manage the Global ISO 27001 program within this global risk management company.  You will work closely with ICS subject matter experts, the ICS group as a whole, executive business management, Internal Audit, Compliance and risk functions, Privacy, Information Technology and other internal key stakeholders.

Critically, you must be an effective implementer of common controls across multi regulated environment, abreast of relevant laws and regulations as it applies to Information and Cyber Security and IT related requirements, and familiar with different industry standards and best practices for Information and Cyber Security.  You must also be an excellent communicator, a supportive team player, resourceful, independent and adaptive to change.

The Role

Overarching responsibilities 

This senior role, based in Manila, will support the delivery of Global Information and Cybersecurity (ICS) operations, responsibilities of this role will include:

• Deputize where required for Technology and Cyber Regulatory Engagements Lead
• Manage day to day operations of ICS Risk team in Manilla.
• Ensure implementation and adherence of ICS policies and procedures.
• Contribute to the creation of and delivery of presentations and briefings as required to key, senior stakeholders. 
• Generate reports for technical and non-technical stakeholders, including the creation of documentation, executive packs, or detailed reports to provide narrative of complex subjects to board/senior level management.
• Contribute to the monthly Lessons Learned process and support continuous improvements.
• Support teams by helping define, shape, and write ICS processes and procedures to support continuous service improvements and audit management action plans.
• Assisting in annual budget 
• May be required to support ICS team with other tasks.

Regulatory engagements and audit compliance

• Lead the APAC Regulatory Engagements Team in Asia Pacific region.
• Proactively maintain visibility and track relevant state and industry laws, regulations and national standards in Asia Pacific as well as other regions
• Ascertain security and technology requirements from relevant regulations. Provide support and expertise to the business and other corporate functions for relevant Request for Information (RFI), questionnaires/surveys, and/or audits from the regulators where necessary.
• Conduct assessment of security and technology gaps and ascertain appropriate expected outcome for security and technology requirements identified.
• Oversee and conduct peer review of all regulatory engagement services in Asia Pacific region completed by the team members.
• Collaborate with the process/application/control owners to facilitate and/or devise appropriate action/remediation plans for identified gaps. Monitor and manage the delivery or closure of each identified gaps. 

Cross-Functional Collaboration

• Collaborate with other regulatory compliance functions – e.g. Audit, Compliance, and Privacy, tech partners – to track compliance across the organization and pool expertise on vague or complex regulatory requirements.      
• Work with business units to ensure controls are effective and appropriately address the relevant regulatory requirements they address.
• Facilitate in interfacing, attesting and demonstrating compliance with relevant authorities, regulators and auditors during compliance assessment and/or audits.

Technology and Cybersecurity Regulatory Engagements Programs

• Collaborate in the developing and shaping Regulatory engagement operating model and standard processes.
• Devise and upkeep templates and tools to assist in implementing various ICS Regulatory Engagement programs and reporting.
• Take lead in the implementation, alignment to, maintenance and monitoring of controls following Information Security standard and framework such as ISF, ISO 27001, PCI-DSS, SOC 1/2, Cyber Essentials, etc.
• Provide input and assist in shaping and improving Regulatory Engagement operating framework and processes.

ISO 27001 Program Management / Information Security Management Representative (ISMR)

• Lead and manage the Global ISO 27001 program and act as the Information Security Management Representative
• Plan and orchestrate the pre, during and post audit activities.
• Oversee the audits globally and resolve issues escalated.
• Oversee the contract and performances of ISO audit providers.
• Drive expansion of the scope of the certification by developing plans, driving awareness on, and selling the ISO 27001 certification program to the business. 
• Manage and keep the expenses within budget.
• Improve the audit support structure and reporting.

The Requirements

• Possesses a combination of business, behavioral, and technical leadership skills – ability to navigate in a dynamic and complex organization, translate business requirements and manage stakeholder expectations. 
• Experience in working in a collaborative environment.
• Critically, you must be an effective implementer of common controls across multi regulated environment, abreast of relevant laws and regulations as it applies to Information and Cyber Security and IT related requirements, and familiar with different industry standards and best practices for Information and Cyber Security. 
• Demonstrable experience in analyzing and applying regulatory requirements to security practices.
• Sound knowledge and experience in managing compliance to technology, cybersecurity and privacy related regulations in APAC such as China Cyber Security Law, Multi-Level Protection Scheme (MLPS 2.0), Monetary Authority of Singapore (MAS) regulations, Insurance Regulatory and Development Authority of India (IRDA) regulations, Australia CPS 234, Bank of Negara’s relevant regulations, OJK of Indonesia relevant regulations, and other  cross-border or data localization related regulations in Asia Pacific.
• Familiarity with other technology, cybersecurity and privacy regulations such as but not limited to ISO 27001, GDPR, FCA, HIPAA, NYDFS, CCPA, SOX, SOC 1/2 etc.
• Familiarity with changes and trends in the regulatory landscape.
• Demonstrable ability to lead and execute across a range of business and functions with differing issues and interests.
• Sound knowledge in the implementation and compliance to other Information Security industry best practices and standards including but not limited to NIST, ISF, CE+, TISAX, COBIT, PCI-DSS, SOC1/2/3, etc.
• Sound knowledge on cloud environment, cybersecurity controls and best practices.
• Strong Project Management skills and experience. 
• Excellent writing, presentation, and communication skills
• Experience with IT audit functions and IT controls are preferable.
• Proven ability to work in global collaborative group environment.
• Experience of working with a high degree of autonomy, managing own workload and delivering to tight timescales
• Proven excellence in PPT presentations for reporting process metrics and delivering KPI’s.
• Excellent analytical problem-solving skills
• Experience of working in a regulated environment, not necessarily insurance or financial services are preferable.

Behaviors:

• Management skills including management of performance evaluations
• You must also be an excellent communicator, a supportive team player, resourceful, independent and adaptive to change.
• Ability to work under pressure and to resolve issues effectively
• Strong desire to continue to learn.
• Resourcefulness and organisational agility.
• Global team player with good interpersonal and influencing skills.
• Customer Focus/ Relationship Management.
• Personal learning.
• Organized and methodical.
• Integrity and Trust.

Qualifications:

• Qualified to degree level, in IT or security related subject.
• At least 10+ years’ work experience in Information Security.
• Information security certifications (e.g. CISSP, CCSP, CISA, CRISC, CISM, ISO 27001 LA) are preferable.
• Project Management certification (e.g. PMP) is also preferable. 
• Fluent in English language, both verbal and writing, is required.
• Ability to speak other Asian Non-English language is preferred.

WTW is an Equal Opportunity Employer