About the Team:
The Enterprise Technology team provides core Information Technology operations and end‑user technology services that support colleagues across the organization. The team focuses on keeping enterprise technology services available, secure, and well‑governed, ensuring smooth day‑to‑day Information Technology operations.
The Role:
This role will support Governance, Risk and Compliance responsibilities within WTW and includes activities such as;
- Provide oversight and input to Identity & Access Management processes undertaken across WTW including access recertification, privileged access, JML, policies/standards and risk process ensuring alignment with the internal Information and Cyber Security framework.
- Assist the Identity & Access Management Leads in developing the Identity Control Framework by continually researching new technologies, processes and practices contributing to the long-term Identity strategy within WTW.
- Manage key audit requests from both internal and external auditors to provide regulatory evidence to support SOX, SOC2 (System and Organization Controls 2), HIPPA etc.
- Perform as a subject matter expert within Identity & Access Management covering all aspects of the Identity Security
- Support solution development through problem solving to ensure adherence to Security Controls, Policies and Standards with a focus on automation and control.
- Derive themes from identified gaps and recommend appropriate remediation measures to mitigate risk associated with gaps.
- Work closely with senior leadership to identify improvement opportunities to enhance existing controls.
- Manage the end-to-end audit lifecycle and Own Management Action Plans
- Govern Identity & Access Management documentation: design, maintain, and continuously improve policies, Standard Operating Procedures, and compliance dashboards.
The Requirement
- Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO etc.)
- Knowledge and understanding of Regulatory Risk and Compliance policies and programs
- Experience of Cloud technology and Identity solutions and practices
- Ability to work as part of a team
- Knowledge of Identity & Access Management controls and how to implement them effectively such as; toxic combinations, segregation of duties, lead privileged and zero trust
- Ability to deliver change through people
- Excellent Communication skills, especially written English
- Strong Stakeholder management and ability to influence business and Information Technology leadership.
- The ability to foster and grow relationships.
- Knowledge of SOX/SOC2 (System and Organization Controls 2) requirements for Privileged Access Monitoring and Access Governance Controls.
- Experience of working in a live operational environment with an understanding of the impact of policy adherence is desirable.
- Continuous Learner with a track record of driving process improvement and control maturity.
- Resourcefulness and organizational agility
- Global team player with good interpersonal and influencing skills
- Conflict Management Resolution (Options Analysis)
- Customer Focus & Integrity and Trust
- Personal Learning & development
