Are you looking for a new major role as an Information Security Risk Manager?
You will serve as an individual contributor working closely with a wide range of audiences, from fellow IT Risk and Incident Managers, to Legal and HR representatives, Project Managers, other IT personnel, business partners, vendors and clients to meet IT Security objectives.
This position will help manage information security risk, including vulnerability management, vendor risk, and areas such as regulatory and compliance risk, including New York Division of Financial Services Cybersecurity Regulations. The candidate will have experience in developing risk mitigation tactics and coordinating their execution across a global organization. In addition, the candidate should understand basic vendor risks and have experience in measuring and managing those risks. Finally, the candidate should have familiarity with regulations including NYDFS and DCPR.
- Identify, document, and communicate technical Information Security Risks in the organization’s data, networks, systems and applications using standard company toolsets/assessment processes.
- Assist in the development and refinement of Global Processes as required to ensure continued effectiveness.
- Conduct technical security risk and change reviews.
- Enforce security policies and best practices as required, ensuring information is appropriately secured.
- Engage business/project teams to clearly explain policies, decisions, and appropriate next steps to maximize efficiency and productivity of the Security Assessment process.
- Apply detailed technical knowledge and understanding of individual risks and interactions to available defenses and countermeasures.
- Use Enterprise-reporting tools to understand exposure potential.
- Document mitigation strategies and direct appropriate technical teams to implement as required.
- Review, contain and resolve security incidents and support investigative activities.
- Monitor and research information sources for zero-day and emerging Information Security threats and vulnerabilities impacting the organization; recommend, direct and/or implement appropriate solutions to mitigate them.
- Execute network and application vulnerability assessments and extract, report, disseminate and manage risks across a large global organization.
- Bachelor's Degree in Computer Science or related field
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Manager (CISM) Preferred
- Familiarity with NIST Cybersecurity Framework and other standards including NIST 900-53, COBIT, ISO 27001/27002 and Payment Card Industry (PCI) Compliance standard.
Marsh is a global leader in insurance broking and risk management. In more than 130 countries, our experts in every facet of risk and across industries help clients to anticipate, quantify, and more fully understand the range of risks they face. We work with clients of all sizes to define, design, and deliver innovative solutions to better quantify and manage risk. We offer risk management, risk consulting, insurance broking, alternative risk financing, and insurance program management services to businesses, government entities, organizations, and individuals around the world. To every client interaction we bring an unmatched combination of deep intellectual capital, industry-specific expertise, global experience, and collaboration. Since 1871, clients have relied on Marsh for trusted advice, to represent their interests in the marketplace, make sense of an increasingly complex world, and help turn risks into new opportunities for growth. Our more than 30,000 colleagues work on behalf of our clients, who are enterprises of all sizes in every industry, and include individuals, multinational organizations, and government entities worldwide. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. Visit www.marsh.com for more information and follow us on LinkedIn and Twitter @MarshGlobal
Marsh and its separately incorporated operating entities around the world are part of Marsh & McLennan Companies, a publicly held company (ticker symbol: MMC).
Marsh & McLennan Companies offers competitive salaries and comprehensive benefits and programs including: health and welfare, tuition assistance, 401K, employee assistance program, domestic partnership benefits, career mobility, employee network groups, volunteer opportunities, and other programs. For more information about our company, please visit us at: www.mmc.com/. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. For more information, please visit us at: www.mmc.com/diversity.
Marsh & McLennan Companies and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers.