Senior Associate - IS Security - WTW : Job Details

This role will directly support the Global Information and Cyber Security (ICS) Group within WTW.  You will use your skills and experience to support ICS team, delivery of technology and cyber regulatory engagements.  You will work closely with ICS subject matter experts, the ICS group, Business Operations, Internal Audit, Compliance and Risk functions, Privacy, Information Technology and other internal key stakeholders. Critically, you must be an effective implementer of common controls across multi regulated environment, abreast of relevant laws and regulations as it applies to Information and Cyber Security and IT related requirements, and familiar with different industry standards and best practices for Information and Cyber Security.  You must also be an excellent communicator, a supportive team player, resourceful, independent and adaptive to change.The role is based at the Ipswich office, however, the work style will be hybrid. The Role: This role will support the delivery of Global Information and Cybersecurity (ICS) operations, responsibilities of this role will include:

• Execution of regulatory deliverables, RFIs, exams, audits, and overall engagement, with a focus on ICS & Technology Risk within specified time and schedule. 
• Define communication (planning, scoping, issues) engagement with stakeholders (regulators, control owners, senior management) related to regulatory deliverables, RFIs, audits and exams.
• Co-ordinating and developing high quality and timely responses to requests for information, ensuring consistency across responses.
• Support the development of appropriate and comprehensive responses and remediation plans when regulatory issues and concerns are identified. 
• Engage with ICS Risk Team to ensure that the risks are identified and reported.
• Support the resolution of significant regulatory issues in conjunction with the business, providing regulatory insight and challenge regarding the quality of draft responses and proposed mitigating actions and controls.
• Follow up on remediation of associated gaps, including controls enhancements. Monitor and manage the delivery or closure of each identified gaps. Engage with stakeholders to obtain updated remediation progress for reporting purposes. 
• Support implementation of initiatives related to new rules, regulatory exam feedbacks or internal framework enhancements, liaising across relevant business, technology, and control functions to prioritize risks, challenge approaches, and drive appropriate risk response
• Work closely with partners in other Functions and Business Areas, specifically about controls, to ensure consistent, insightful and clear communications to both regulators and the international regulatory engagement team
• Engage with stakeholders like Compliance, Legal regarding new & amended regulations with the view to seek their input into RFI submissions.
• Engage with the wider ICS team to improve working relationships to support each other.
• Engage with stakeholders to understand on going transformation and changes that may impact our delivery. 
• Improve regulatory engagement support within geographical regions.
• Regularly review / co-review and co-ordinate each stage of the regulatory engagement lifecycle 
• Deliver timely regulatory engagement updates and effective MI to support ICS management reporting.
• Find the most cost-effective way of working. 
• Support teams by helping define, shape, and write ICS processes and procedures to support continuous service improvements and audit management action plans.
• Facilitate in defining standard approach to scope incoming regulatory engagement requests.
• Timely escalation of issues to avoid regulatory fines.
• Manage RFPs against budget (where applicable)
• Ensure expenses are minimal and adhere to company policies.
• Contribute to the creation and delivery of presentations and briefings as required to key stakeholders. 
• Generate reports for technical and non-technical stakeholders, including the creation of documentation, 
• May be required to support ICS team with other tasks.

Reg Engagement and Audit Compliance:

• Ascertain security and technology requirements from relevant regulations. Provide support and expertise to the business and other corporate functions for relevant Request for Information (RFI), questionnaires/surveys, and/or audits from the regulators where necessary.
• Proactively maintain visibility and track relevant state and industry laws, regulations and national standards across various regions
• Conduct assessment of security and technology gaps and ascertain appropriate expected outcome for security and technology requirements identified.
• Facilitate in interfacing, attesting and demonstrating compliance with relevant authorities, regulators and auditors during compliance

Cross-Functional Collaboration

• Collaborate with other regulatory compliance functions – e.g. Audit, Compliance, and Privacy, tech partners – to track compliance across the organization and pool expertise on vague or complex regulatory requirements.     
• Work with business units to ensure controls are effective and appropriately address the relevant regulatory requirements they address.
• Facilitate in interfacing, attesting and demonstrating compliance with relevant authorities, regulators and auditors during compliance assessment and/or audits.

Technology and Cybersecurity Regulatory Engagements Programs

• Collaborate in the developing and shaping Regulatory engagement operating model and standard processes.
• Devise and upkeep templates and tools to assist in implementing various ICS Regulatory Engagement programs and reporting.
• Take lead in the implementation, alignment to, maintenance and monitoring of controls following Information Security standard and framework such as ISF, ISO 27001, PCI-DSS, SOC 1/2, Cyber Essentials, etc.
• Provide input and assist in shaping and improving Regulatory Engagement operating framework and processes.

The Requirements: Skills and...