Cyber Security Lead 8/23/2016
Willis North America Inc.
JOB DESCRIPTIONAPPLY Job Title: Cyber Security Lead
Location: Philadelphia, PA
Willis Towers Watson (NASDAQ: WLTW ) is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 39,000 employees in more than 120 territories. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas the dynamic formula that drives business performance. Unlock your potential at Willis Towers Watson
As part of the Information Security and IT Risk senior management team, you will lead the operations, management and rapid improvement of our global Cyber Defense Centre to address evolving threats, monitor our network and data, and respond to incidents. You will lead the CDC and Application Security teams and work with business leaders, IT leaders, clients and partners to build an effective security capability including people, processes and new technologies to protect critical data and technology assets from advanced threats.
With exceptional technical knowledge, calm approach under pressure, and a genuine passion for security, you will also be an exceptional communicator, explaining out cyber defense posture and approach to clients, boards, regulators and committees.
You will deputize for the Chief Information Security Officer as required.
KNOWLEDGE, SKILLS AND EXPERIENCE:
* Manage the operational activities of the Cyber Defense Centre, Application Security & Incident Management teams and drive continuous improvement.
* Ensure that logging and monitoring of network, application, system and business logs and data is appropriate, sufficient and effective to identify
* Ensure effective threat awareness, and liaise with external bodies to maintain visibility of external threats and events what may impact Willis Towers Watson
* Ensure that events are identified, triaged, assessed, escalated and resolved and root causes determined and addressed, following a risk based approach
* Plan, design implement and execute regular incident readiness and response testing (Red team / blue team, etc) involving IT, business partners and executive management.
* Implement and deliver effective independent testing including external penetration testing and application security testing
* Work across multiple functions to embed effective security controls and testing in the development lifecycle and technology change processes
* Define and maintain effective global operational processes, policies and procedures ensuring that legal, regulatory and client requirements are met at all times
* Identify and collate MI, and report to the CISO and business leaders on our cyber defense posture
* Provide effective and response support to the global business, clients and partners
* Share ownership of the overall strategy for Information Security & IT Risk
* Identify, prioritize and lead delivery of cyber security change projects and improvements
* Work closely with business leaders and other IT departments (notably IT Architecture, IT Operations) to ensure the effective design and operation of both business and technical controls.
* Develop and implement proactive testing plans and lead the response to security incidents.
* Effective management, development and support for the global team.
* Leadership experience in Information Security, Security Operations or a closely related function, in a regulated enterprise environment or the large public sector organization
* Experience of managing and developing a team of technical specialists, delivering control improvements, driving forward change and implementing strategic change projects.
* Comprehensive understanding of security threats, risks and countermeasures and ability to apply in a practical context
* Hands-on operational security experience combined with an ability to identify, design, architect and implement future state business and technology controls
* Exceptional relationship management skills and an ability to communicate effectively at all levels of the organization
* Strong team player with good interpersonal and influencing skills, and both business and technical credibility
* Calm, organized and methodical with excellent analytical and problem solving skills.
* Agile and responsive approach to meeting business, security and technology objectives and delivering continuous improvement.
* Understanding of application security including dynamic testing, static code analysis, application penetration testing
* Technical understanding including TVM, DLP, APT, SEIM, perimeter security, content filtering, packet flows, IPS/IDS, etc.
* Hold and maintain appropriate technical security and technology qualifications, such as OSCP, CEH. Likely to have degree in Computer Science and/or vendor qualifications such as CCNA, MCSE. Information security certifications such as CISSP, CRISC, CISM, CISM, IISP.
* Thorough understanding of technical security countermeasures and awareness of external and internal threat landscape.
* Experience of managing security incidents.
WHAT CAN WE OFFER YOU*
Competitive salary and a comprehensive benefits package including life, medical, dental, vision, flexible spending accounts, disability coverage, 401k and an employee stock purchase plan as well as many other options to full time employees.
Willis Towers Watson is publicly traded on the NASDAQ (WLTW). Additional information on Willis may be found on its web site: www.willistowerswatson.com.
Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson.
Willis Towers Watson is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, age, status as a protected veteran, or disability.
Equal Employment Opportunity: Know your rights.
Willis is an Equal Opportunity Employer who supports Diversity Minority / Female/ Disability / Veteran.