Cloud Security Analyst (ICT TECH TD 2025 36)

The Role

• Support Vulnerability and Patch Management for ICT. Resolve issues with internal stakeholders.
• Prioritize and reduce Vulnerability risk on ICT IT assets.
• Perform Vulnerability risk assessments.
• Analyze severe vulnerabilities and provide mitigation strategies.
• Assess Cloud Security threats using native and third-party tools.
• Implement, monitor, and report on secondary security controls, ensuring policy compliance.
• Support the management of risk when patches or standards cannot be applied.
• Assist in audit programs.
• Update governance and MI reports.
• Maintain documentation for security controls, policies, and procedures.
• Collaborate with WTW (ICS) corporate security team.
• Stay updated on cloud security threats and measures.

The Requirements

• Comprehensive knowledge of cloud security controls and industry best practices.
• Proficiency with Microsoft Security suite products, including Microsoft Defender for Cloud, Sentinel, Azure
• Update Manager, and Azure cloud services.
• Extensive expertise in vulnerability management, threat assessment, countermeasure implementation,
• and patch management within cloud-based infrastructures and services.
• Ability to clearly convey technical details to both technical and non-technical audiences.
• Proven capability to participate in and support cross-functional teams.
• Familiarity with industry-standard best practices.
• Excellent documentation and communication skills.
• Strong organizational skills, with the ability to multi-task, identify priorities, and meet planned schedules.

Other highly desirable, but not essential skills are:

• CISSP or equivalent qualifications
• General knowledge of the insurance industry
• Degree in Computer Science, Engineering, Mathematics, or related field
• Familiarity with third-party security tools (Wiz, Puppet, Nexpose)
• Proficiency in Python, PowerShell, and other scripting languages
• Experience in a Security Operations role within a complex environment
• Understanding of cybersecurity standards and frameworks (ISO27001, NIST800-53, CIS, OWASP,SOC2)

Equal Opportunity Employer

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.