CASY-MSCCN Jobs

WTW has embarked on a multi-year programme to embed its physical and digital information security standards across the business. That is, ensuring clients, business partners and internal information is protected appropriately at all times. The Information Security Programme (ISP) covers all areas of the Willis business and aims to deliver prioritized and fit for purpose enhancements for each Willis business globally.

Privileged Access Management (PAM) is one of several initiatives which will deliver a series of changes over the ISP lifecycle.

You will work closely with business management, IT and internal stakeholders to support the delivery of WTW PAM. This includes working with members of the PAM Team and other business units, supporting them to manage Elevated access and passwords using the PAM strategic tool ‘CyberArk’.

Principal Duties/Responsibilities

• Lead the PAM team on a daily basis

• Manage daily PAM / CyberArk activities. Requests for access to safes and accounts

• Make sure legacy and current CyberArk structure is aligned to policy / Best practice

• Perform as an IAM PAM SME, consistently researching new ways to improve our IAM operations and overall strategy target

• Ensure adherence to Security Controls, Policies and Standards with a focus on automation and control.The

• Derive themes from identified gaps and recommend appropriate remediation measures to mitigate risk associated with gaps

• Work closely with senior leadership to Identify improvement opportunities to enhance existing controls and overall IAM governance program

• Analysis and monitoring of data to provide key metrics, to ensure least privilege and no toxic access in conjunction with our Audit teams

• Risk management and mitigation for IAM

• Engagement and communication with stakeholders across LoBs and IT platform leads to ensure awareness of IAM policies and procedures

• Knowledge transfer to the new team members

Communications and Relationships

• Report status regularly to Head of IAM

• Communicate and ensure execution of Sox and non-Sox Critical Application privileged accounts

• Provide challenge and escalate risk and issues where appropriate.

Qualifications:

• 5+ years of Information security and/or Identity Access management domain experience

• SME level knowledge of PAM and CyberArk best practices and experience with Identity Access Management technology.

• Practitioner knowledge of key IS and Cyber regulations and how organizations achieve compliance

• Be interested in developing skills and knowledge in information security.

• Formal training in security will be added advantage

• Experience & Knowledge of CyberArk key

• Strong IT skills, able to analyze data for reporting purposes and follow work instruction

• Relevant degree or equivalent experience preferred

Skills:

• Strong IT and analytical skills

• Proactive rather than reactive

• Team player with good interpersonal skills

• Knowledge and experience in Information Security Auditing Techniques

• Ability to work under pressure to tight timelines

• Organized and methodical

• Willing to challenge and desire to learn

• Good communication skills, both orally and in writing

Knowledge/Experience:

• 5+ Years CyberArk knowledge from a BaU level

• ‘Best practice’ level knowledge of PAM

Regulatory Requirements:

• Audit and Compliance knowledge identified by the Information Security Committee

• SOX Requirements for Privileged Access Monitoring and Controls

Equal Opportunity Employer