Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Support the identification and management of technology and cyber risks through audits and assessments.
- Company: WTW is a global leader in risk management, committed to inclusivity and diversity.
- Benefits: Enjoy a hybrid work environment with flexibility and a culture that values your contributions.
- Why this job: Join a dynamic team focused on impactful risk management in technology and cyber security.
- Qualifications: Degree level education and relevant professional qualifications are required; experience in cyber risk management is essential.
- Other info: We embrace diversity and foster an inclusive workplace where everyone can thrive.
The predicted salary is between 36000 - 60000 £ per year.
WTW Information & Cyber Security (ICS) Risk Management team requires a technology and cyber risk management analyst to support the team in the identification, assessment, treatment, and overall management of technology and cyber risks facing WTW (including but not limited to risk analysis, reporting and risk assessments). This role will also focus on implementing ICS risk management oversight of technology and cyber internal audit findings.
This role will support the ongoing operations of the ICS risk management team with primary responsibilities including:
- Technology and Cyber audit finding specific duties:
- Be the ICS risk management lead supporting validation of internal audit findings and appropriate remediation approach by Technology and Cyber functions to treat the risk within an acceptable risk-based timelines.
- Become an SME on the Internal Audit processes, schedules and support functional leads in agreeing remediation plans timeline based on the end to end internal audit processes.
- Analyse audit findings to identify generic indicators of risk, control design and effectiveness which might be systemic.
- Perform oversight of reporting of internal audit findings and provide constructive feedback and challenge.
- Be a point of contact to Technology and Cyber colleagues who might need some support in effective management of risk from internal audits.
- Be a point of contact for Internal Audit if they perceive any issues potentially affecting the timely completion of the audit findings.
- Support development of KRIs to assist Technology and Cyber functional management effectively manage risk raised from internal audit findings.
- Support the consideration of MAP findings and how these align to technology and cyber control design and effectiveness verification and how these might impact the technology and cyber risk profile.
In addition, this role will support the ICS Risk Management team on other processes relating to management of technology and cyber risk, including:
- Support performing risk identification, assessment, treatment, reporting and governance processes relating to effective management of technology and cyber risk.
- Support the management of the Technology and Cyber Risk Management Frameworks and related automation of processes.
- Support the building of an effective culture of technology and cyber risk management through awareness and education.
The Requirements:
- Skills:
- Experience of technology and cyber internal audits within the structure of 3 lines of defense.
- Knowledge and experience of technology and information and cyber security risk and controls frameworks and related processes.
- Experience of technology and cyber risk and issue management.
- Strong stakeholder management, ability to foster and grow relationships, constructive challenge and negotiation skills.
- Excellent communication skills, especially written English.
- Knowledge of GRC tool such as Riskonnect would be an advantage.
- Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO etc.).
- Experience of implementations using Agile approach and practices.
- Proven ability as a team member with ability to prioritise conflicting deadlines and priorities, and respond quickly to changing priorities and work effectively on their own initiative.
- Experience of analysing reporting submissions for completeness and accuracy, and addressing areas of concern with contributors.
- Able to interpret & present data and information in the appropriate format for different audiences.
- Detail-oriented and capable of delivering at a high level of accuracy.
- Educated to degree level or equivalent.
- Hold professional qualifications in a relevant subject; for example, CRISC, CISSP, CISM, CISA.
- Strong extensive experience in technology role (with proven experience of active management of technology and cyber risks (for example, in projects, technical SME areas etc.).
- Experience of working within a global financial and regulated organisation.
- Global team player with good interpersonal skills.
- Core competencies in regard to influence, negotiation, conflict resolution and assertiveness.
- Resourcefulness and organizational agility.
- Customer focus, integrity and trust.
- Personal learning & development.
At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity. At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a hybrid style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and hybrid is not a one-size-fits-all solution.
Technology and Cyber Security Risk Management Analyst employer: Willis Towers Watson
Contact Detail:
Willis Towers Watson Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Technology and Cyber Security Risk Management Analyst
✨Tip Number 1
Familiarise yourself with the specific internal audit processes and frameworks mentioned in the job description, such as FFIEC, NIST, and ISO. Understanding these will help you speak confidently about how you can contribute to the team.
✨Tip Number 2
Network with professionals in the technology and cyber security field, especially those who have experience in internal audits. Engaging with them can provide insights into the role and may even lead to referrals.
✨Tip Number 3
Demonstrate your stakeholder management skills by preparing examples of how you've successfully navigated complex relationships in previous roles. This will show that you can effectively collaborate with various teams.
✨Tip Number 4
Stay updated on the latest trends and challenges in technology and cyber risk management. Being knowledgeable about current issues will allow you to engage in meaningful conversations during interviews.
We think you need these skills to ace Technology and Cyber Security Risk Management Analyst
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in technology and cyber risk management. Focus on your skills related to internal audits, stakeholder management, and any specific frameworks you've worked with, such as FFIEC or NIST.
Craft a Strong Cover Letter: In your cover letter, express your enthusiasm for the role and how your background aligns with the responsibilities outlined in the job description. Mention specific experiences that demonstrate your ability to manage technology and cyber risks effectively.
Highlight Relevant Qualifications: Clearly list any professional qualifications you hold, such as CRISC, CISSP, or CISM. This will show that you have the necessary credentials to excel in the role and understand the complexities of technology and cyber security.
Showcase Communication Skills: Since excellent written communication is crucial for this role, ensure your application is free from errors and clearly structured. Use concise language and bullet points where appropriate to make your key achievements stand out.
How to prepare for a job interview at Willis Towers Watson
✨Understand the Role Thoroughly
Make sure you have a solid grasp of the responsibilities outlined in the job description. Familiarise yourself with technology and cyber risk management concepts, as well as internal audit processes, to demonstrate your knowledge during the interview.
✨Showcase Your Stakeholder Management Skills
Prepare examples that highlight your ability to manage relationships and communicate effectively with various stakeholders. This role requires strong interpersonal skills, so be ready to discuss how you've successfully navigated challenging conversations or negotiations in the past.
✨Demonstrate Analytical Thinking
Be prepared to discuss your experience with analysing audit findings and identifying systemic risks. You might be asked to provide examples of how you've approached risk assessment and treatment in previous roles, so think of specific instances where your analytical skills made a difference.
✨Familiarise Yourself with Relevant Frameworks
Brush up on key information security frameworks such as FFIEC, NIST, and ISO. Being able to discuss these frameworks and how they relate to technology and cyber risk management will show that you're well-prepared and knowledgeable about industry standards.
