Third Party Information Security Risk Management Specialist

Join to apply for the Third Party Information Security Risk Management Specialist role at WTW

Drive Risk Awareness. Strengthen Supply Chain Security.

We’re looking for an experienced Information Security Risk Management Specialist to help safeguard WTW’s global operations by identifying and managing information security risks across our supply chain.

In this key role, you’ll be responsible for developing and implementing risk management strategies, performing in-depth supplier security assessments, and ensuring compliance with industry standards, regulatory requirements, and internal WTW policies.

You'll play a critical part in enhancing our third-party risk posture by working closely with internal teams and external partners to assess vulnerabilities, mitigate threats, and embed security best practices throughout the supply chain.

If you have a strong background in information security, risk management, and a passion for making businesses more resilient—we’d love to hear from you.

This role, can also be based in the London, UK or Warsaw, Poland or Lisbon, Portugal or Madrid Spain.

The Role

This role will support the ongoing operations of WTW Technology and Cyber Risk and Controls & Regulatory engagement function in:

• Evaluate supplier information security practices, policies and systems or risk exposure.
• Enhance risk assessment methodologies for supplier relationship management.
• Conduct thorough security assessments of suppliers to identify potential risks and vulnerabilities.
• Engage with procurement, legal and other stakeholder to integrate security requirements into supplier contracts.
• Collaborate with suppliers to develop and implement risk mitigation plans.
• Identify supplier risks and security gaps and support of tracking and remediation.
• Guide and support the Third-Party Security Assessment team with assessments and due diligence activities in line with Information and Cyber Security requirements.
• Provide guidance and support to internal teams on supplier risk management best practices.
• Stay up to date with the latest information security trends, threats, and technologies.
• Provide reports and recommendations to management on supplier risk and mitigation activities.
• Ensure adherence to relevant regulations, WTW standards, and industry best practices.

The Requirements

• Strong experience in technology role with proven experience of supplier risk management.
• Hold professional qualifications in a related subject for example, CRISC, CISSP, CISM, CISA.
• Experience of working within a global financial organization.
• Knowledge and experience of governance, risk and controls framework and related processes.
• Experience of technology, cyber risk and supply chain risk management.
• Expertise in conducting supplier security risk assessments.
• Attention to detail and a pre-emptive approach to identifying and mitigating risks.
• Ability to assess and manage information security risks effectively.
• Detail-oriented and capable of delivering at a high level of accuracy.
• Able to interpret & present data and information in the appropriate format for different audiences.
• Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO, DORA etc.).
• Excellent Communication skills, especially written English.
• The ability to foster and grow relationships, constructive challenge and negotiation skills.

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation.

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants.