Information Security Analyst (Business Security Operations)

Job Summary       

• As the Information Security Associate within the Business Security Operations (Bus Sec Ops) team, you will be responsible for implementing and maintaining information & cyber security practices across WTW. 
• Candidate would be required to gain a high-level of knowledge and understanding of critical technology applications and security standards. 
• You will need to take a leadership role in building security testing framework for web-based applications which includes Threat Profiling, DAST, SAST, Security Architecture, and Penetration testing.
• In this role, you are expected to understand the organization’s information & cyber security strategy and standards while working collaboratively with technology teams to implement and maintain sound security practices. 
• This role resides in our Information & Cyber Security (ICS) team within Corporate IT.

Responsibilities & Duties       

• Build and maintain effective relationship with technology teams and ICS stakeholders
• Foster a culture of information and cyber security best practices though awareness and support
• Stay up to date with the latest application security developments and security trends to continually improve internal processes
• Hold good understanding of Application & Infrastructure testing methodology & support development teams in the remediation of vulnerabilities
• Work with development teams to improve the secure software development lifecycle
• Engage in information security activities to support client/business engagements i.e., incidents, vulnerabilities, development lifecycles, risk management and emerging threats
• Ability to coordinate and execute security testing for applications and cloud environments
• Engage with key stakeholders to support internal and external audit activities to ensure compliance with regulations such as: SOC, FCA, NYDFS, GDPR, HIPAA
• Demonstrate a good understanding of security regulations and data privacy laws
• Support the risk identification & exceptions management processManage and oversee adhoc projects related to maturing information and cyber security controls across the organization

Technical Skills: 

• Degree in a relevant Information Technology area preferably with a focus on information security   
• Significant experience in managing and patching vulnerabilities across a host of assets
• Expert understanding of all aspects of information security principles, policy and its application in business and technology areas   
• Understanding of core cloud security principles
• Knowledge and experience on supporting information security audits
     
     

Education Qualification : Degree in a relevant Business or Information Technology area