Lead Analyst - Policy and Controls Operations

Job Description

Security Risk Management

We are taking a much more progressive approach to information security incorporating it within the fundamental design decision of technology architecture and governance. Our goal is to evolve Aon’s security risk capabilities by integrating security into our technology systems design process and operational delivery. This will greatly accelerate the firm’s ability to anticipate and respond to the threat of cyber risk and provide secure platforms for business growth and innovation.


  • Maintain Aon Security control & exception library
  • Manage organizational control library
  • Operationalize security control framework
  • Security Risk response to control library (lifecycle management)
  • Map findings, exceptions (internal-client), asset criticality, automation etc.
  • Provide support to IT, Cybersecurity, HR and other departments in implementation of Control Framework in line with information/cyber security management system processes.
  • Update Aon’s control library and policy framework, including control criteria and assessment attributes.
  1. Controls Management
  • Identify current/emerging gaps in the control environment and provide expert advice on new control requirements
  • Escalate identified emerging gaps in policy or the controls environment. Integrate new laws, statutes, standards, and regulatory into control framework.
  • Maintain Aon’s security and technology control library, including control criteria and assessment attributes
  • Update content of Aon’s control library to industry recognized standards (COBIT, ISO, NIST, etc.)
  • Update mapping of Aon’s control library to industry recognized standards (COBIT, ISO, NIST, etc.)
  • Test the effectiveness and adequacy of control framework, including deployment and gaps


  1. Exception Management
  • Single point of contact for supporting and recording control exceptions
  • Support the policy oversight leader and IT risk leader for strategic control exception review.
  • Maintain and update the exception register and help integrate/update the risk register.
  1. Stakeholder Management


  • Liaison with global IT leads, internal audit, other cyber and regulatory function to socialize the Aon control framework
  • Maintain engagement with regional IT, IA, and Privacy teams.

Skill Requirements:

  • Good understanding of implementing (develop & maintain) information/cyber security and technology Controls and analysing or evaluating the associated Risks.
  • Good knowledge of various control frameworks
  • Sound knowledge of risk management, technical control design and methodologies
  • Ability to understand regulatory requirements and translate into control statements
  • Advance knowledge of IT and Security policies
  • Knowledge of Internal Audit function
  • Knowledge of relevant laws, policies, procedures, or governance
  • Knowledge of risk management processes, including steps and methods for assessing risk
  • Knowledge of SOx, HIPPA, FCA, PII & PCI requirements Able to deliver high quality, accurate work within tight deadlines.
  • Knowledge of structured analysis principles and methods
  • Knowledge of the organization's enterprise information technology (IT) goals and objectives
  • Strong Analytical Skills
  • Ability to identify business needs and develop solutions
  • Strong Written and verbal English proficiency
  • Excellent engagement and communications skills
  • A sound understanding of security architecture, network and server administration support would be a plus.
  • GRC framework use/design/implementation would be a plus.

 Preferred Qualification:

  • Bachelor's and/or Master's degree in Computer Science, Information Systems, Cyber Security or related discipline
  • Professional certifications like CISA, CISSP,CISM,CRISC would be a plus
  • Professional Experience Overall 10-12 years of total technical experience with 3-4 years of core experience on skill requirements above

We offer:

  • The best medical cover on the market with free dental care
  • Generous benefits package for your wellbeing (multisport cards, insurance, vouchers, and many more!)
  • Stability of employment and permanent contract after trial period
  • Brand new office supporting collaboration, flexibility and activity based working
  • Internal career opportunities and individual development plan
  • Unique workplace culture - we value openness, honesty and authenticity, so don’t expect formal dress code nor managers hidden behind closed doors
  • Lots of social events, charity actions and opportunities to integrate with colleagues



Please attach CV in English only.