IT Senior Analyst - Information Security
Aon sp. z o. o
At Aon, we are taking a much more progressive approach to information security incorporating it within the fundamental design decision of technology architecture and governance. Our goal is to evolve Aon’s security risk capabilities by integrating security into our systems design process and operational delivery. This will greatly accelerate the firm’s ability to anticipate and respond to the threat of cyber/security risk and provide secure platforms for business growth and innovation.
Aon is in the business of better decisions
At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.
As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.
What the day will look like
Aon GRC Framework Development and Operationalization
- Support development of conceptual GRC reference model for Aon Security domain; scalable to other Aon enterprise risk domains.
- Identify and define the various processes required to operationalize the GRC framework.
- Support GRC (Tool) Administrative team to document the design requirements for GRC workflows development.
- Review and implement accountability model (Accountable and Responsible Roles) within GRC framework
Control Framework Management
- Review and update Aon security control framework to align with GRC requirements and overall ERM.
- Define and Operationalize processes to manage the security control lifecycle within Aon control framework.
- Review and enhance Aon control library to meet the everchanging regulatory and security requirements for Aon.
- Execute control inherent risk assessment and assign an inherent risk rating to each control within the Aon control library.
- Work with internal and external parties to understand the control requirements, control applicability and execution processes.
- Collaborate with Control Assessment, Treatment and Measurement workstreams to enhance the control framework as required.
Asset Inherent Risk Assessment
- Support definition of risk asset classification (Categorization/Types).
- Support development of a processes / workflows to conduct asset inherent risk assessment.
- Support development of an asset valuation scales based on the requirements described in Aon ERM. Identify and document the asset attributes to calculate and tag the asset value.
- Collaborate with different teams i.e., IT, HR, Privacy, Internal Audit etc. to establish and operationalize asset inherent risk assessment.
- Liaison with global IT leads, internal audit, other cyber and regulatory function to socialize the Aon Control Framework and GRC Framework.
Skills and experience that will lead to success
- At least 5 years of core experience on skill requirements above
- Good knowledge of GRC and Control frameworks
- Good Knowledge and understanding of interaction between Control, Policy and Risk Framework
- Sound knowledge of risk management, technical control design and methodologies
- Good understanding of implementing (develop & maintain) information/cyber security and technology Controls and analyzing or evaluating the associated Risks.
- Ability to understand regulatory requirements and translate into control statements
- Knowledge of risk management processes, including steps and methods for assessing risk
- Knowledge of SOx, HIPPA, FCA, PII, PCI, SOC 1 & 2, ISO27001 control requirements
- Able to deliver high quality, accurate work within tight deadlines.
- Strong Analytical Skills, Ability to identify business needs and develop solutions
- Strong Written and verbal English proficiency
- Excellent engagement and communications skills
- GRC framework use/design/implementation would be a plus.
How we support our colleagues
In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognise that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working!
Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.
We provide individuals with disabilities reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment in accordance with applicable law. Please contact us to request an accommodation on ReasonableAdjustments@Aon.com
Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.