Job Description

About the team:

The Information Security (InfoSec) team is responsible for protecting the organization's information, systems, and data from security threats. The team delivers security services that help identify, prevent, detect, and respond to cyber risks while supporting business and regulatory requirements.

The Role:

• Perform controls testing across On-Premise and Cloud environments, assessing Control Design Adequacy and Control Operating Effectiveness.

• Demonstrate knowledge of audit and compliance frameworks such as Sarbanes–Oxley Act Section 404 (SOX 404), SOC 2, SSAE 18, and New York Department of Financial Services Cybersecurity Regulation (NYDFS).

• Establish and maintain processes and procedures for control testing across diverse IT environments.

• Conduct control walkthroughs with system owners, engineers, architects, and business stakeholders to validate control processes and requirements.

• Gather audit evidence, perform testing, and document results in accordance with organizational standards.

• Adapt quickly to new domains and complex assessment activities while ensuring high-quality testing execution.

• Lead assigned projects independently, ensuring end-to-end ownership and timely delivery.

• Support team members through knowledge sharing, guidance, and collaboration.

• Identify, report, and track control gaps across on-prem and cloud environments, including ineffective or inadequate controls.

• Assess risk impact and severity associated with identified control deficiencies.

• Recommend improvements to control design and implementation to strengthen security and compliance posture.

• Support control owners in designing, implementing, and maintaining controls and documentation.

• Prepare comprehensive control testing reports including issue descriptions, evidence analysis, and recommendations.

• Perform additional tasks and responsibilities assigned by management.

• Stay updated with evolving information security regulations, standards, and industry best practices.

-

• Educated to degree level or equivalent

• 7-8 years’ experience with IT and technology controls/audit related engagements

• Experience of working within a Global Financial organization

• Problem Solving
• Delivery focused
• Strong communications and stakeholder management
  

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email  candidatehelpdesk@wtwco.com