Analyst

• Build and maintain effective relationship with technology teams and ICS stakeholders

• Foster a culture of information and cyber security best practices though awareness and support

• Stay up to date with the latest application security developments and security trends to continually improve internal processes

• Hold good understanding of Application & Infrastructure testing methodology & support development teams in the remediation of vulnerabilities

• Work with development teams to improve the secure software development lifecycle

• Engage in information security activities to support client/business engagements i.e., incidents, vulnerabilities, development lifecycles, risk management and emerging threats

• Ability to coordinate and execute security testing for applications and cloud environments

• Engage with key stakeholders to support internal and external audit activities to ensure compliance with regulations such as: SOC, FCA, NYDFS, GDPR, HIPAA

• Demonstrate a good understanding of security regulations and data privacy laws

• Support the risk identification & exceptions management process

• Manage and oversee adhoc projects related to maturing information and cyber security controls across the organization

Direct Span Indirect Span NA NA Degree in a relevant Business or Information Technology area 3-5 yrs. Skill Proficiency Degree in a relevant Information Technology area preferably with a focus on information security Significant experience in managing and patching vulnerabilities across a host of assets Advance Expert understanding of all aspects of information security principles, policy and its application in business and technology areas Advance Understanding of core cloud security principles Intermediate

Knowledge and experience on supporting information security audits

Intermediate

Client focus: ability to engage positively with WTW clients and business stakeholders.

Intermediate Information Security specific certification is desirable (such as CISM, CISSP, CISA, CEH)