Description
The Role:
This role will support the delivery of Global Information and Cybersecurity (ICS) regulatory requirements. The responsibilities of this role will include:
- Execution of regulatory deliverables, Request for Information (RFIs), Audits and Regulatory questionnaire submissions with a focus on ICS & Technology Risk within a specified time and schedule.
- Define communications (planning, scoping, issues) engagement with stakeholders (regulators, control owners, senior management) related to regulatory deliverables, RFIs, audits and Regulatory questionnaire submissions.
- Engage with ICS Policies and Standard team to map ICS and Technology standards to the regulatory requirements.
- Co-ordinating and developing high quality and timely responses to requests for information, ensuring consistency and leveraging evidence where possible.
- Engage with the ICS controls testing team where application controls testing is required. Furthermore, support and monitor identified issues and gaps.
- Support manage and monitor identification and remediation of issue and gaps in line with WTW controls and regulatory requirements.
- Engage with ICS Risk Team to ensure that the identified risks are reported and managed in line with the risk processes.
- Support management reporting specifically around engagement status and issue management.
- Supporting wider team throughout the regulatory engagements.
- Contribute to the creation of and delivery of presentations and briefings as required for the key stakeholders.
- Generating reports for technical and non-technical stakeholders, including the creation of documentation.
- Understanding wider ICS functions and better understanding their Roles and Responsibilities to support our delivery.
Cross-Functional Collaboration:
- Collaborate with other regulatory compliance functions – e.g. Audit, Compliance, and Privacy, tech partners – to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
- Work with business units to ensure controls are effective and appropriately address to the relevant regulatory requirements they address.
- Facilitate in attesting and demonstrating compliance with relevant authorities, regulators and auditors during compliance assessment and/or audits.
Technology and Cybersecurity Regulatory Engagements Programs
- Collaborate in the developing and shaping Regulatory engagement operating model and standard processes.
- Devise and upkeep templates and tools to assist in implementing various ICS Regulatory Engagement programs and reporting.
- Supporting the implementation, alignment to, maintenance and monitoring of controls following Information Security standard and framework.
Qualifications
The Requirements:
- Experienced in identifying and managing Risk and compensating Controls.
- Demonstrable experience in analyzing and applying regulatory requirements to security practices.
- Demonstrable experience in supporting the business to implement controls to meet and maintain compliance in a highly complex global organization.
- Strong Project Management skills and experience.
- Excellent writing, presentation, and communication skills
- Experience of working with a high degree of autonomy, managing own workload and delivering tight timescales
- Familiarity with other technology, cybersecurity and privacy regulations would be beneficial.
- Excellent analytical problem-solving skills
- General knowledge of IT operations
- Holistic understanding of risk processes and functions.
Behaviours:
- Good communication skills.
- Global team player with good interpersonal and influencing skills.
- Customer focus and relationship management.
- Good analytical skills - ability to review and challenge materials produced by colleagues.
- Delivery focused, possessing high levels of resilience and determination.
- Ability to manage multiple, and changing, priorities.
- Strong desire to continue to learn.
Qualifications:
- Ideally qualified to degree level, in IT or security related subject.
- Ideally extensive years of work experience in Information Security, Information Technology or Risk
- Information security certifications (e.g. CISSP, CCSP, CISA, CRISC, CISM, ISO 27001 LA) are preferable.
- Project Management certification (e.g. PMP) is also preferable.
