At a Glance
- Tasks: Drive risk awareness and strengthen supply chain security through assessments and compliance.
- Company: WTW is a global leader in risk management, helping businesses become more resilient.
- Benefits: Enjoy a hybrid work model with flexibility to suit your lifestyle and needs.
- Why this job: Make a real impact by enhancing third-party risk posture and collaborating with diverse teams.
- Qualifications: Strong experience in supplier risk management and relevant professional qualifications required.
- Other info: We embrace diversity and provide equal opportunities for all applicants.
The predicted salary is between 43200 - 72000 £ per year.
Description
Drive Risk Awareness. Strengthen Supply Chain Security.
We’re looking for an experienced Information Security Risk Management Specialist to help safeguard WTW’s global operations by identifying and managing information security risks across our supply chain.
In this key role, you’ll be responsible for developing and implementing risk management strategies, performing in-depth supplier security assessments, and ensuring compliance with industry standards, regulatory requirements, and internal WTW policies.
You’ll play a critical part in enhancing our third-party risk posture by working closely with internal teams and external partners to assess vulnerabilities, mitigate threats, and embed security best practices throughout the supply chain.
If you have a strong background in information security, risk management, and a passion for making businesses more resilient—we’d love to hear from you.
The Role
This role will support the ongoing operations of WTW Technology and Cyber Risk and Controls & Regulatory engagement function in:
- Evaluate supplier information security practices, policies and systems or risk exposure.
- Enhance risk assessment methodologies for supplier relationship management.
- Conduct thorough security assessments of suppliers to identify potential risks and vulnerabilities.
- Engage with procurement, legal and other stakeholders to integrate security requirements into supplier contracts.
- Collaborate with suppliers to develop and implement risk mitigation plans.
- Identify supplier risks and security gaps and support tracking and remediation.
- Guide and support the Third-Party Security Assessment team with assessments and due diligence activities in line with Information and Cyber Security requirements.
- Provide guidance and support to internal teams on supplier risk management best practices.
- Stay up to date with the latest information security trends, threats, and technologies.
- Provide reports and recommendations to management on supplier risk and mitigation activities.
- Ensure adherence to relevant regulations, WTW standards, and industry best practices.
At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a “hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution. We understand flexibility is key to supporting an inclusive and diverse workforce and so we encourage requests for all types of flexible working as well as location-based arrangements. Please speak to your recruiter to discuss more.
Qualifications
The Requirements
- Strong experience in a technology role with proven experience of supplier risk management (for example, in projects, technical SME areas etc.).
- Hold professional qualifications in a related subject, for example CRISC, CISSP, CISM, CISA.
- Experience of working within a global financial organization.
- Knowledge and experience of governance, risk and controls framework and related processes.
- Experience of technology, cyber risk and supply chain risk management.
- Experience and thorough understanding of technology and cyber controls processes.
- Expertise in conducting supplier security risk assessments.
- Attention to detail and a pre-emptive approach to identifying and mitigating risks.
- Ability to assess and manage information security risks effectively
- Detail-oriented and capable of delivering at a high level of accuracy.
- Proven ability to prioritise conflicting deadlines and priorities and respond quickly to changing priorities.
- Able to interpret & present data and information in the appropriate format for different audiences.
- Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO, DORA etc.)
- Ability to work as part of a team or solo.
- Excellent Communication skills, especially written English
- Strong stakeholder management
- The ability to foster and grow relationships, constructive challenge and negotiation skills.
- Experience of working in a live operational environment with an understanding of the impact of policy adherence is desirable.
At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.
We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email .
You don\’t need to have an account in ATS to apply for the jobs. Once you click apply, get started right away by simply using your email. Your profile will be created and kept up to date automatically as you enter details for each of your job applications.
#J-18808-Ljbffr
Third Party Information Security Risk Management Specialist employer: Willis Towers Watson
Contact Detail:
Willis Towers Watson Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Third Party Information Security Risk Management Specialist
✨Tip Number 1
Familiarise yourself with the latest information security frameworks and standards mentioned in the job description, such as NIST and ISO. This knowledge will not only help you understand the role better but also demonstrate your commitment to staying updated in the field.
✨Tip Number 2
Network with professionals in the information security and risk management sectors. Attend relevant webinars or local meetups to connect with others who may have insights into the company culture at WTW or the specifics of the role.
✨Tip Number 3
Prepare to discuss real-world examples of how you've successfully managed supplier risks in previous roles. Be ready to explain your thought process and the methodologies you used, as this will showcase your practical experience.
✨Tip Number 4
Research WTW’s recent projects or initiatives related to supply chain security. Being able to reference these during discussions can show your genuine interest in the company and how you can contribute to their goals.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience in information security and risk management. Use specific examples that demonstrate your expertise in supplier risk management and your familiarity with industry standards.
Craft a Compelling Cover Letter: In your cover letter, express your passion for enhancing third-party risk posture. Mention how your background aligns with the responsibilities outlined in the job description, such as conducting security assessments and collaborating with stakeholders.
Showcase Relevant Qualifications: Clearly list any professional qualifications you hold, such as CRISC, CISSP, or CISM. This will help demonstrate your commitment to the field and your capability to meet the role's requirements.
Highlight Communication Skills: Since excellent communication skills are essential for this role, provide examples of how you've effectively communicated complex information to different audiences. This could be through reports, presentations, or stakeholder engagement.
How to prepare for a job interview at Willis Towers Watson
✨Showcase Your Risk Management Expertise
Be prepared to discuss your previous experience in supplier risk management. Highlight specific projects where you identified and mitigated risks, and explain the methodologies you used to assess supplier security practices.
✨Understand Industry Standards
Familiarise yourself with relevant information security frameworks such as NIST, ISO, and FFIEC. Be ready to discuss how these standards apply to the role and how you have implemented them in past positions.
✨Demonstrate Strong Communication Skills
Since this role involves collaboration with various stakeholders, practice articulating complex security concepts in a clear and concise manner. Prepare examples of how you've effectively communicated risk assessments and recommendations to different audiences.
✨Prepare for Scenario-Based Questions
Expect questions that present hypothetical situations related to supplier security risks. Think through your approach to assessing vulnerabilities and developing mitigation plans, and be ready to explain your thought process during the interview.