Control Resilience Assessor
Willis Towers Watson
Mumbai, Maharashtra
13h ago

Position

Control Resilience Assessor

Reporting to

Manager Control Resiliency Team

Shift Timing

1.30 P.M. to 10.30 P.M. (Mon-Fri)

Job Summary

Willis Towers Watson is building its Information & Cyber Security (ICS) capabilities to cater to the growing Information Security, Risk and Assurance needs of its business, clients and regulatory requirements.

These capabilities cater to different verticals such as Strategy Governance, Risk & Compliance, Cyber Defence and Operations, ICS Architecture, Security Assurance.

Mumbai is being developed as a Security Center of Excellence and is responsible as well as accountable for the delivery of the services provided by the ICS function globally.

The Control Resiliency team is part of the Global Strategy Governance, Risk & Compliance vertical. The current role will support the delivery of projects related to control testing in the areas of Information & Cyber Security, Technology, Infrastructure etc.

Conducting design adequacy and operating effectiveness testing of on-prem and cloud controls associated with different audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001, CCPA, NYDFS etc., with proven extensive knowledge in IT Auditing & Audit analytics. Providing appropriate recommendations on improvement of IT controls and processes.

You will work closely with Business, IT and Internal stakeholders to support the delivery of Control Resiliency assignments.

Most importantly, you must be an effective communicator (both verbally and in writing) and a supportive team player, taking a consultative rather than confrontational approach whilst maintaining the integrity and independence and ensuring effective management of security risk.

Principal Accountabilities

Manager or manager of people (to include number of reports) or individual contributor :

  • Individual contributor

Geographic scope of role :

  • Global

Budgetary and risk management responsibilities :

  • N / A

Revenue responsibilities :

  • N / A

Others :

  • N / A

Principal Duties / Responsibilities

Business As Usual

  • Perform controls (On-prem & Cloud) including assessment of control design adequacy and control operating effectiveness
  • Demonstrable knowledge of different audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001 etc.
  • Establishing and operating processes and procedures for control testing
  • Excellent executional skills with respect to control testing
  • Reporting and tracking on-prem and cloud control gaps as well as ineffective or inadequate controls
  • Identify opportunities and recommendations to improve the design and implementation of controls
  • Support control owners in the design and maintenance of controls and documentation
  • Undertaking such other tasks and responsibilities as assigned by Manager
  • Keep yourself up to date with the latest IS-related regulation and standards

Communications and Relationships

Internal :

  • Other members of GRC & ICS teams
  • IT Control Owners and teams
  • Other IT teams

External : n / a

Competencies

  • Global Business Knowledge
  • Cross-Cultural Resourcefulness
  • Cross-Cultural Agility
  • Assignment Hardiness
  • Cross-Cultural Sensitivity
  • Humility
  • Organizational Agility
  • Customer Focus
  • Integrity and Trust
  • Personal Learning
  • Self-Starter

Required Qualifications, Skills, Knowledge, Experience

Qualifications :

  • Qualified to degree level, preferably in a Business, IT or Security related subject with
  • Information security qualifications (e.g. CISA, CISM, CISSP) are preferable.
  • Interested in developing skills and knowledge of IT Risk Management, and willing to work towards appropriate professional qualifications, such as CISA
  • Formal training in security, risk management or compliance is beneficial.
  • Whilst this is not a hands-on technical role, the role holder will be expected to demonstrate a strong awareness of technology and how IT is used to enable business processes.

Skills

  • Proven Auditing competency
  • Strong IT and analytical skills
  • Proactive rather than reactive
  • Team player with good interpersonal skills
  • Ability to work under pressure to tight timelines
  • Organised and methodical
  • Willing to challenge and desire to learn
  • Good communication skills, both orally and in writing

Knowledge / Experience :

Essential

  • Knowledge and understanding of IT Auditing and IT Risk concepts
  • Knowledge and understanding of ERPs, Active Directory, SIEM, Identity Access Management, Privileged Access Management tools.
  • Experience working as part of a business support function such as Risk, Compliance or Information Security in a large enterprise.

Beneficial

  • Existing IT Audit experience of around 4-9 years
  • Demonstrable knowledge of Cloud Security & Cloud Control Testing
  • Demonstrable knowledge of Risk management tools, methodologies and practices
  • Knowledge of IT standards, frameworks, regulation and legislation
  • Experience of managing own workload and delivering to tight timescales.
  • Other relevant experience, e.g. Information Security, experience of working in a regulated environment, not necessarily insurance or financial services

Regulatory Requirements

Other e.g. location / business specific inc. language skills etc.

  • Fluent Business English essential.
  • Other languages are an advantage.
  • This role will be based in a geographic location appropriate to the needs of the business, and appropriate local language skills may be required.
  • Some travel between offices may be required

Prepared by :

Approved by : Subject Matter Expert

Approved by : Senior Executive


    Bachelor's degree
