Summary of Role
The successful candidate will be responsible for managing all activities related to Management Actions Plans (MAPs) raised by the WTW Internal audits (IA) across Technology, Cyber and Segments. The role holder will represent ICS in the end to end management of the MAP management whilst liaising with Controls Owners, IA as well as Enterprise Risk Management (ERM) function.
In addition, the role holder is responsible for execution of all reporting capabilities related to IS MAPs.
This role will suit a candidate with excellent stakeholder management skills and the ability to
arbitrate between Internal Audit and IT stakeholders as necessary bringing to bear deep
specialist knowledge in technology and cyber security controls.
Based in the UK the role will have global stakeholders and require the ability to manage them remotely. The successful candidate will be organized with good attention to detail and the ability to work under pressure.
The role holder will work closely with stakeholders to ensure that details of the MAPs and expectation to close them are clearly understood by control owners, including expectation from IA about controls operating effectively. Providing suggestions and recommendations on MAP closure to control owners will be a core remit of this role. They will be an effective communicator (both verbally and in writing) and a supportive team player, taking a consultative rather than confrontational approach whilst maintaining the integrity and independence and ensuring effective management of cyber and technology risk.
- Working with control owners and other key stakeholders to prepare artifacts required to close IA MAPs
- Working with the internal audit team to agreed processes and required artifacts
- Prepare for and co-ordinate MAP related briefing of attendees, attendance at meetings, co-ordination of scheduling and review of management responses
- Provide insight into audit findings and coach others through the development of remediation plans to ensure timely MAP closure
- Facilitate the development and documentation of controls in response to MAPs issues raised by internal audit
- Provide appropriate challenge to Internal auditors
- Status reporting and MI for technology management and senior stakeholders
- Effective communication to all stakeholders
- Review of draft artifacts prior to the details submitted to IA
- Taking initiatives and contributing to improvement of the Cyber and Technology Risk management activities
- Work with the wider Cyber and Technology risk management team to ensure correlation of related artifacts and follow ups with stakeholders
- Identify opportunities and recommendation to improve the design and implementation of technology controls
- In depth understanding of three lines of defense principles and scope
- Credibility and technical understanding of cyber and technology risk and control management practices
- Previous experience in an IT Audit or Risk Management role
- Knowledge and understanding of IT general controls and IT concepts
- Whilst this is not a hands-on technical role, the role holder will be expected to demonstrate a strong awareness of technology and how IT is used to enable business processes.
- Professionally qualified (CISA/CISM/CRISC/ CCSP/CISSP) is desired
- Experience of working within a Global Financial organisation (desirable)
- Ability to work independently as well as part of the team
Equal Opportunity Employer