Secure Partnerships. Strengthen Enterprise Resilience.
WTW’s Technology and Cyber Risk, Controls & Regulatory Engagement function is seeking a skilled Information Security Operational Risk Analyst to help manage and oversee cybersecurity risks related to our third-party vendors.
In this role, you’ll serve as the vital link between day-to-day operational security monitoring and strategic risk oversight for third-party relationships. You’ll be responsible for identifying, assessing, and supporting the mitigation of cybersecurity threats that may arise from external vendor environments—contributing directly to the strength and resilience of WTW’s overall risk posture.
If you're analytical, detail-oriented, and passionate about protecting organisations from third-party cyber threats, this is your opportunity to make a meaningful impact in a global environment.
The Role
This role will support the ongoing operations of WTW Technology and Cyber Risk and Controls & Regulatory engagement function in:
1. Monitoring third-party environments for security incidents, suspicious behavior and policy violations.
2. Perform security risk assessments on vendors and service providers based on threat intelligence and business context.
3. Collaborate with procurement, legal and risk teams to onboard vendors with appropriate security controls and risk mitigations strategies
4. Triage and respond to incidents that have the potential to impact business through third party channels
5. Contribute to and improve the risk management framework through incident and operational insights.
6. Maintain metrics and reports on vendor risk exposure and control maturity.
7. Conduct thorough security assessments of suppliers to identify potential risks and vulnerabilities.
8. Collaborate with suppliers to develop and implement risk mitigation plans.
9. Monitor and review supplier compliance with information security requirements.
10. Provide guidance and support to internal teams on supplier risk management practices.
11. Stay up to date with the latest information, security trends, threats, and technologies.
12. Report on supplier risk management activities.
13. Ensure compliance with relevant regulations, standards, and industry best practices.
At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution. We understand flexibility is key to supporting an inclusive and diverse workforce and so we encourage requests for all types of flexible working as well as location-based arrangements. Please speak to your recruiter to discuss more.