SSON JOB BOARD: Business Information Security Leader Taguig, Manila, PH - Willis Towers Watson
You will be an information and cyber security trusted advisor to senior business and technology stakeholders when forming strategy and delivering business change, ensuring that the business continues to be secure and compliant with the WTW Information and Cyber policies and standards. You will assist the business with ongoing information & cyber security risk management by assessing and tracking risks and policy exceptions and monitoring of the security position of the business.
In addition, as the BISO you will assist with the delivery of the Information & Cyber Security Strategy, ensuring that it is fit for purpose across the Segment and delivery its tailored to minimize business disruption.
This role resides in our Information & Cyber Security team within Corporate IT, reporting to the Global Business Information Security Officer.
- Provide input into business strategy to ensure that information & cyber security is included as part of business change and security portfolio to meet segment needs
- Build and maintain effective relationship with a Segment and Technology stakeholders
- Be the voice of Information and Cyber Security in the Segment and the voice of the business within Information and Cyber Security
- Provide regular briefings and management information/key performance indicators/key risk indicators to business and technology leaders and respective governance meetings as required
- Act as a point of contact for co-ordination and onward escalation of operational risks & issues affecting the segment (e.g. Cyber incidents, vulnerabilities etc.)
- Provide oversight of any business-based information security controls and provide assurance that those controls are operating effectively to local management and to global governance meetings
- Provide input to the formation of the Information & Cyber Security Strategy to ensure that it meets Segment needs
- Assess on annual basis the impact of the Information & Cyber Security Strategy on the Segment, ensuring that delivery of the strategy is planned to minimize any business disruption
- Support the development and/or tailoring of an effective security awareness program for implementation at Segment level
- Own and communicate the Segment roadmap for information & cyber security aligned with WTW risk appetite and Information & Cyber Security Strategy
- Carry out annual Segment self-assessment and flag security gaps to Global CISO
- Consult and support reviews of customer facing technologies ensuring client data is protected for the Segment and support white glove client escalations with CRDs (Client Relationship Directors) and in partnership with Director of Client Security.
- Degree in a relevant Business or Information Technology area
- Information Security specific qualification is desirable (such as CISM, CISSP)
- Expert understanding of all aspects of information security principles, policy and its application in business and technology areas (at least 10 years of experience)
- Knowledge of risk assessment methodologies and techniques and controls assurance techniques
- Experience of handling regulators
- Experience of security awareness program implementation and culture change techniques
- You will have a passion for your work, a strong desire to learn and a real love of information security – with an understanding of the positive impacts it can make to a business.
- Experience managing a team of security, assurance, and/or compliance professionals.
- An ability to work across multiple business segments and contexts, and to understand that different teams will require different engagement approaches will be helpful.
- Effective communication and stakeholder management skills are a core requirement for this role.