WTW
We are seeking a highly experienced and strategic senior leader to oversee our Cyber Engineering, Identity & Access Management (IAM), and Data Loss Prevention (DLP) functions. This role will be responsible for driving the design, delivery, and governance of enterprise-wide security engineering solutions, while ensuring secure, scalable, and resilient identity and data protection services. The ideal candidate will combine deep technical expertise with strong leadership skills to shape the future of cybersecurity, identity, and data protection within the organization. This position is designated as a Senior Management Function (SMF) under the Financial Conduct Authority regime, carrying personal accountability for compliance, operational resilience, and security effectiveness. The Role: Strategic Leadership Define and execute the global strategy for Cyber Engineering, IAM, and DLP in alignment with the enterprise security and technology roadmap. Serve as a trusted advisor to the CISO, CIO, and executive leadership on emerging threats, secure architecture, identity, and data protection. Establish metrics and reporting to demonstrate effectiveness, risk reduction, and compliance with regulatory requirements (e.g., National Institute of Standards Cyber Security Framework (NIST CSF), Digital Operations Resilience Act (DORA), New Tork State Department of Financial Services (NYDFS), Sarbanes-Oxyley (SOX), and the Financia Conduct Authority(FCA). Cyber Engineering Oversight Lead engineering teams responsible for core security platforms, including endpoint protection, cloud security, network defense, vulnerability management, and DevSecOps integrations. Build and mature a comprehensive vulnerability management program, including continuous scanning, risk-based prioritization, remediation tracking, and Board-level reporting. Drive innovation by embedding security into cloud, hybrid, and modern application architectures ("Secure by Design" principles). Ensure the adoption of automation, orchestration, and advanced analytics to improve detection, response, and resiliency. Identity & Access Management Own enterprise-wide IAM strategy, including workforce and customer identity, privileged access management (PAM), identity governance and administration (IGA), and multi-factor authentication (MFA). Lead initiatives to modernize and integrate IAM platforms to support cloud adoption, Zero Trust, and frictionless user experiences. Partner with business and technology leaders to enable secure digital transformation through robust identity services. Data Loss Prevention (DLP) Advance a comprehensive Data Loss Prevention program to safeguard sensitive information across endpoints, cloud, email, and collaboration platforms. Establish enterprise-wide policies and controls to prevent unauthorized data exfiltration, insider threats, and regulatory breaches. Implement monitoring, classification, and enforcement mechanisms that balance data protection with business enablement. Partner with business, compliance, and data governance teams to align DLP strategy with General Data Protection Regulation, Financial Conduct Authority, Prudential Regulation Authority, Sarbanes-Oxley, and other global data protection requirements. Provide executive and Board-level reporting on data protection risks, incidents, and mitigation efforts. Governance, Risk & Compliance Ensure IAM, DLP, and security engineering practices meet regulatory, audit, and policy requirements. Define and maintain standards for identity lifecycle, access controls, data handling, and information protection. Oversee risk assessments and remediation programs tied to IAM, DLP, and security engineering platforms. Senior Management Function (FCA Responsibilities) As an FCA-designated Senior Management Function (SMF) role, the position carries individual accountability under the Senior Managers & Certification Regime (SM&CR). Specific responsibilities include: Personal accountability for ensuring cyber, IAM, and DLP controls are effective, proportionate, and aligned with FCA expectations for operational resilience and financial sector stability. Maintaining robust governance, oversight, and risk management frameworks for engineering, identity, and data protection, ensuring risks are identified, escalated, and remediated in line with FCA and PRA requirements. Demonstrating reasonable steps have been taken to oversee outsourced arrangements, third-party providers, and cloud services related to IAM, DLP, and cyber platforms. Ensuring Board and regulators receive timely, accurate, and complete information on cyber, identity, and data protection risks, vulnerabilities, and remediation activities. Acting as the point of accountability for operational resilience in cyber engineering, IAM, and DLP, supporting FCA requirements around impact tolerance, scenario testing, and response planning. Requirements: Progressive experience in cybersecurity, with extensive experience in leadership roles across IAM, cyber engineering, and/or data protection. Proven track record of leading global security programs at scale in complex, regulated environments (financial services strongly preferred). Expertise in IAM technologies (SailPoint, Okta, Azure AD, CyberArk, Ping Identity), DLP platforms (Symantec, Microsoft Purview, Forcepoint, Digital Guardian), and security engineering tools (EDR, CSPM, SIEM, SOAR, vulnerability management). Strong knowledge of Zero Trust, data protection regulations (GDPR, FCA, PRA), cloud-native security, and DevSecOps practices. Exceptional leadership, communication, and stakeholder engagement skills, with the ability to influence at Board and executive levels. Relevant certifications (CISSP, CISM, CCSP, CIPP/E, SABSA, or equivalent) preferred. We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email your recruiter.
We are seeking a highly experienced and strategic senior leader to oversee our Cyber Engineering, Identity & Access Management (IAM), and Data Loss Prevention (DLP) functions. This role will be responsible for driving the design, delivery, and governance of enterprise-wide security engineering solutions, while ensuring secure, scalable, and resilient identity and data protection services. The ideal candidate will combine deep technical expertise with strong leadership skills to shape the future of cybersecurity, identity, and data protection within the organization. This position is designated as a Senior Management Function (SMF) under the Financial Conduct Authority regime, carrying personal accountability for compliance, operational resilience, and security effectiveness. The Role: Strategic Leadership Define and execute the global strategy for Cyber Engineering, IAM, and DLP in alignment with the enterprise security and technology roadmap. Serve as a trusted advisor to the CISO, CIO, and executive leadership on emerging threats, secure architecture, identity, and data protection. Establish metrics and reporting to demonstrate effectiveness, risk reduction, and compliance with regulatory requirements (e.g., National Institute of Standards Cyber Security Framework (NIST CSF), Digital Operations Resilience Act (DORA), New Tork State Department of Financial Services (NYDFS), Sarbanes-Oxyley (SOX), and the Financia Conduct Authority(FCA). Cyber Engineering Oversight Lead engineering teams responsible for core security platforms, including endpoint protection, cloud security, network defense, vulnerability management, and DevSecOps integrations. Build and mature a comprehensive vulnerability management program, including continuous scanning, risk-based prioritization, remediation tracking, and Board-level reporting. Drive innovation by embedding security into cloud, hybrid, and modern application architectures ("Secure by Design" principles). Ensure the adoption of automation, orchestration, and advanced analytics to improve detection, response, and resiliency. Identity & Access Management Own enterprise-wide IAM strategy, including workforce and customer identity, privileged access management (PAM), identity governance and administration (IGA), and multi-factor authentication (MFA). Lead initiatives to modernize and integrate IAM platforms to support cloud adoption, Zero Trust, and frictionless user experiences. Partner with business and technology leaders to enable secure digital transformation through robust identity services. Data Loss Prevention (DLP) Advance a comprehensive Data Loss Prevention program to safeguard sensitive information across endpoints, cloud, email, and collaboration platforms. Establish enterprise-wide policies and controls to prevent unauthorized data exfiltration, insider threats, and regulatory breaches. Implement monitoring, classification, and enforcement mechanisms that balance data protection with business enablement. Partner with business, compliance, and data governance teams to align DLP strategy with General Data Protection Regulation, Financial Conduct Authority, Prudential Regulation Authority, Sarbanes-Oxley, and other global data protection requirements. Provide executive and Board-level reporting on data protection risks, incidents, and mitigation efforts. Governance, Risk & Compliance Ensure IAM, DLP, and security engineering practices meet regulatory, audit, and policy requirements. Define and maintain standards for identity lifecycle, access controls, data handling, and information protection. Oversee risk assessments and remediation programs tied to IAM, DLP, and security engineering platforms. Senior Management Function (FCA Responsibilities) As an FCA-designated Senior Management Function (SMF) role, the position carries individual accountability under the Senior Managers & Certification Regime (SM&CR). Specific responsibilities include: Personal accountability for ensuring cyber, IAM, and DLP controls are effective, proportionate, and aligned with FCA expectations for operational resilience and financial sector stability. Maintaining robust governance, oversight, and risk management frameworks for engineering, identity, and data protection, ensuring risks are identified, escalated, and remediated in line with FCA and PRA requirements. Demonstrating reasonable steps have been taken to oversee outsourced arrangements, third-party providers, and cloud services related to IAM, DLP, and cyber platforms. Ensuring Board and regulators receive timely, accurate, and complete information on cyber, identity, and data protection risks, vulnerabilities, and remediation activities. Acting as the point of accountability for operational resilience in cyber engineering, IAM, and DLP, supporting FCA requirements around impact tolerance, scenario testing, and response planning. Requirements: Progressive experience in cybersecurity, with extensive experience in leadership roles across IAM, cyber engineering, and/or data protection. Proven track record of leading global security programs at scale in complex, regulated environments (financial services strongly preferred). Expertise in IAM technologies (SailPoint, Okta, Azure AD, CyberArk, Ping Identity), DLP platforms (Symantec, Microsoft Purview, Forcepoint, Digital Guardian), and security engineering tools (EDR, CSPM, SIEM, SOAR, vulnerability management). Strong knowledge of Zero Trust, data protection regulations (GDPR, FCA, PRA), cloud-native security, and DevSecOps practices. Exceptional leadership, communication, and stakeholder engagement skills, with the ability to influence at Board and executive levels. Relevant certifications (CISSP, CISM, CCSP, CIPP/E, SABSA, or equivalent) preferred. We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email your recruiter.
WTW
Knutsford, Cheshire
We have an exciting opportunity to join our GB Mid-Market Technology & Business Improvement (TBI) Team as a Cloud Platform & Applications Senior Associate, leading the management and implementation of technology services across multiple systems and applications. This senior role is pivotal in maintaining and evolving our Azure Cloud tenant and associated business applications. Working closely with TBI Team colleagues and global DevOps and technology teams, the Senior Associate will help shape the future of our GB Mid-Market technology estate through the design and implementation of cloud and application governance frameworks, and by delivering technical activities that ensure performance, security, and operational efficiency. This role includes working with business stakeholders to identify application improvements, supporting technology improvement projects, and providing technical expert solutions across multiple platforms. This role is based in Knutsford with a hybrid working arrangement. For the first two weeks, office attendance is required three days per week for training and onboarding, followed by occasional visits every few months or as needed. The H&B GB Technology & Business Improvement Team manage the technology estate for our Mid-Market business and provide innovative solutions to support business improvement in automation and data management. A small but specialised team, we work closely with business leads, global support teams and external third parties to design and deliver technology and business improvement projects, while maintaining the cloud platform and business applications that provide critical services throughout the GB Mid-Market services. The Role: Cloud Platform Maintenance, Security and Management Collaborate with global DevOps and cloud support teams to manage Azure infrastructure. Implement monitoring and logging solutions for performance, availability, and security. Apply cloud security best practices and resolve vulnerabilities across cloud servers and resources. Manage cloud-based databases for optimal performance, availability, and security. Maintain and optimize virtual machines (VMs), ensuring patching, configuration, and compliance. Application Maintenance, Security & Improvement Implement application monitoring tools and resolve critical issues affecting business applications. Provide technical expertise for new technologies, data processing, and automation projects. Liaise with global teams to mitigate adverse impacts from global technology changes. Compliance & Governance Frameworks Design and implement governance and compliance controls aligned with global IT policies. Embed frameworks into operational processes to ensure ongoing compliance. Stakeholder Management Engage with Mid-Market business stakeholders to identify issues and lead improvement initiatives. Collaborate with global technology and operational teams to support global initiatives. Manage third-party technology vendors and ensure alignment with internal standards. Supporting Technology and Automation Projects Support Automation leads in releasing solutions via PowerApps. Troubleshoot network and cloud connectivity issues. Assist in the development and deployment of cloud databases and DevOps pipelines. The Requirements: Critical Expertise: Azure cloud architecture and services Cloud networking, virtual machines (VMs), and server management SQL Server and database optimization PowerApps and Power Platform Vulnerability remediation ISO standards and ITIL best practices Preferred Experience: Dynamics 365 & Dataverse Project Management methodologies (Agile, Scrum) DevOps principles and CI/CD pipeline integration Equal Opportunity Employer At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity. At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a "hybrid" style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and "hybrid" is not a one-size-fits-all solution. We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants.
We have an exciting opportunity to join our GB Mid-Market Technology & Business Improvement (TBI) Team as a Cloud Platform & Applications Senior Associate, leading the management and implementation of technology services across multiple systems and applications. This senior role is pivotal in maintaining and evolving our Azure Cloud tenant and associated business applications. Working closely with TBI Team colleagues and global DevOps and technology teams, the Senior Associate will help shape the future of our GB Mid-Market technology estate through the design and implementation of cloud and application governance frameworks, and by delivering technical activities that ensure performance, security, and operational efficiency. This role includes working with business stakeholders to identify application improvements, supporting technology improvement projects, and providing technical expert solutions across multiple platforms. This role is based in Knutsford with a hybrid working arrangement. For the first two weeks, office attendance is required three days per week for training and onboarding, followed by occasional visits every few months or as needed. The H&B GB Technology & Business Improvement Team manage the technology estate for our Mid-Market business and provide innovative solutions to support business improvement in automation and data management. A small but specialised team, we work closely with business leads, global support teams and external third parties to design and deliver technology and business improvement projects, while maintaining the cloud platform and business applications that provide critical services throughout the GB Mid-Market services. The Role: Cloud Platform Maintenance, Security and Management Collaborate with global DevOps and cloud support teams to manage Azure infrastructure. Implement monitoring and logging solutions for performance, availability, and security. Apply cloud security best practices and resolve vulnerabilities across cloud servers and resources. Manage cloud-based databases for optimal performance, availability, and security. Maintain and optimize virtual machines (VMs), ensuring patching, configuration, and compliance. Application Maintenance, Security & Improvement Implement application monitoring tools and resolve critical issues affecting business applications. Provide technical expertise for new technologies, data processing, and automation projects. Liaise with global teams to mitigate adverse impacts from global technology changes. Compliance & Governance Frameworks Design and implement governance and compliance controls aligned with global IT policies. Embed frameworks into operational processes to ensure ongoing compliance. Stakeholder Management Engage with Mid-Market business stakeholders to identify issues and lead improvement initiatives. Collaborate with global technology and operational teams to support global initiatives. Manage third-party technology vendors and ensure alignment with internal standards. Supporting Technology and Automation Projects Support Automation leads in releasing solutions via PowerApps. Troubleshoot network and cloud connectivity issues. Assist in the development and deployment of cloud databases and DevOps pipelines. The Requirements: Critical Expertise: Azure cloud architecture and services Cloud networking, virtual machines (VMs), and server management SQL Server and database optimization PowerApps and Power Platform Vulnerability remediation ISO standards and ITIL best practices Preferred Experience: Dynamics 365 & Dataverse Project Management methodologies (Agile, Scrum) DevOps principles and CI/CD pipeline integration Equal Opportunity Employer At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity. At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a "hybrid" style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and "hybrid" is not a one-size-fits-all solution. We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants.
