Summary of Role
The Insurance Consulting and Technology business within Willis Towers Watson provides expert advice and technology solutions across the insurance sector. Our clients include most of the leading global insurers as well as many of the largest financial services companies and other corporations. We are a preeminent developer and provider of risk analytics and financial modelling software, with over 1,000 major insurance clients worldwide. We combine the technical innovation and expertise of our software engineering professionals with the actuarial knowledge and thought leadership of our insurance consultants to provide world-class solutions that help clients measure value, manage risk and safeguard solvency.
As Head of Security of Software and SaaS Security, you will have overall responsibility for the security practices and governance used to develop and run our Insurance Technology portfolio of software solutions and services.
You will be responsible for:
- Overseeing the secure software development lifecycle (SSDLC) and policies of all of our software solutions by working with security architects, SecOps engineers, and security champions. Responsible for overall security of our software solutions, including our SaaS and Managed Hosted solutions.
- Working with our SecOps team members to oversee the assessment and gap analysis creation of our operational processes in preparation for SOC 2 reporting and ISO27001 certification of our hosted services
- Working with our Security Architecture team embers to ensure that security standards, processes, and architectures meet our security policies.
- Assessing and remediating risks discovered through the security assessments and testing processes initiated by both Insurance Consulting and Technology and the Corporate Information Security team
- Liaising with Corporate Information Security to determine the best way for Insurance Consulting and Technology to adhere to enterprise policies and standards, while also defining policies and standards that are unique to our business. And you will need to work with Legal ensure that we are adhering to underlying regulatory requirements
- Liaising with clients. The role will require you to work with Insurance Consulting and Technology Global Product Leaders and Software Sellers meeting with clients during the pre-sales process, to work with senior negotiators during the contracting process with clients, and to communicate with clients if there are any security breaches or events. To be successful, you will need a thorough understanding of our products, services, and processes, as well as our technologies and architectures.
You will have direct responsibility for a team security specialists (which will be built over the next 3 to 5 years) as well as matrix responsibility for leading security specialists in the Architecture, Engineering and Operations functions.
You will form part of the senior leadership team of the Technology business and will be expected to participate in defining the future of the business and ensuring its ongoing success.
- Experienced security professional with CISSP, Certified Information Security System Professional, certification with significant experience.
- Experienced technical professional with significant software architecture or senior software engineering experience. A strong working knowledge of Cloud architecture and technologies is required.
- Ability to learn quickly about the insurance business domains in which our portfolio of software products is deployed and be able to think and communicate in terms that end users feel comfortable with.
- A strong working knowledge of GDPR and other data regulations.
- Familiarity with software and service delivery lifecycle processes and support tools, estimation and quality assurance principles.
- Familiarity with IT operations support processes and procedures.
- Excellent written and verbal communication skills, enabling effective communication between the candidate and software engineers, product management teams and end customers.
- An understanding of software architecture and infrastructure design best practice and awareness of how to create systems which are secure, high performance, scalable, easily maintainable, extensible, and easy to test and debug.
- Background in product software development and management, software security assessment and threat modelling.
- Ability to make appropriate trade-offs managing technical, commercial, time scale and quality risks.
- Strong interpersonal and team skills.
- Self-starter attitude and ability to work with ambiguity.
- Proven experience producing quality deliverables on time.
- Enthusiastic, proactive, tenacious, motivational, collaborative.
Equal Opportunity Employer