London, England, GB
31 days ago
Technology Risk Advisor

The successful candidate will be responsible for managing all activities related to WTW Risk Management capability for Technology across all relevant functions. The role holder will represent Technology (Enterprise and Business technology) in the end to end management of the risk identification, risk assessment and risk treatment whilst liaising with Risk and Controls Owners and any other relevant stakeholders. 

In addition, the role holder is responsible for execution of all reporting capabilities related to risk identification, risk assessment and risk treatment underpinned by the defined Technology and Cyber Risk and Control Framework. Excellent specialist knowledge of technology controls is a must for this role. 

Based in the UK the role will have global stakeholders and require the ability to manage them remotely. The successful candidate will be organized with good attention to detail and the ability to work under pressure. The role holder will work closely with stakeholders to ensure that details of risks are clearly understood by risk owners as well as remediation owners including expectation about operational effectiveness of relevant controls. Providing suggestions and recommendations on risk treatment (acceptance, remediation, transfer, closure) to risk owners will be a core remit of this role. They will be an effective communicator (both verbally and in writing) and a supportive team player, taking a consultative rather than confrontational approach whilst maintaining the integrity and independence and ensuring effective management of technology risk.

You will be reporting to Global Head of Technology and Cyber Risk and Controls & Regulatory Engagements.  The normal working base location will be UK.

The Role

This role will oversee, deliver and support technology management service and will therefore include activities such as:
•    Working with risk and control owners and other key stakeholders to prepare artefacts required to agree risk identification, assessment, and treatment, including analysis and review of management responses 
•    Working with wider risk management team to agreed processes and required artefacts 
•    Ability to execute risk assessments (planned and ad-hoc) independently as well as part of the team
•    Provide insight into information and cyber security risk findings and coach others through the development of remediation plans to appropriate risk treatment action plan is agreed
•    Provide appropriate challenge to stakeholders across all three lines of defence 
•    Status reporting and MI for senior stakeholders
•    Effective communication to all stakeholders
•    Taking initiatives and contributing to improvement of the technology and cyber risk and controls management activities and framework
•    Work with the wider technology and cyber risk management team to ensure correlation of related artifacts and timely follow ups with stakeholders
•    Identify opportunities and recommendation to improve the design and implementation of technology controls whilst being driven by defined risk appetite

The Requirements: 

Skills:
•    In depth understanding of risk management frameworks as they pertain to technology and information and cyber security 
•    In depth understanding of three lines of defense principles and scope 
•    Credibility and technical understanding of technology as well as information and cyber security and control management practices
•    Substantial experience in information and cyber security risk management processes supported by governance preferably in a financial institution 
•    Previous experience in Risk Management role (1st or 2nd LoD) or IT Audit 
•    Knowledge and understanding of IT general controls and IT concepts
•    Whilst this is not a hands-on technical role, the role holder will be expected to demonstrate a strong awareness of technology and how IT is used to enable business processes with ability to deep dive into technical details when necessary 
•    Experience in working with common industry used GRC tools 
•    Experience of working within a Global Financial organisation (desirable)
•    Ability to work independently as well as part of the team

Qualifications:
•    Educated to degree level or equivalent 
•    Hold professional qualifications in a related subject for example, CRISC, CISSP, CISM, CISA
•    Extenstive experience in a risk management role 
•    Experience of working within a Global Financial organisation

Behaviours:
•    Resourcefulness and organizational agility
•    Global team player with good interpersonal and influencing skills
•    Conflict Management Resolution (Options Analysis)
•    Customer Focus & Integrity and Trust
•    Personal Learning & development

 

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

Confirm your E-mail: Send Email