MMC is seeking candidates for the following position based in the Mexico City office and be onsite 3 days a week: Senior Specialist Technology Risk Asessment
What can you expect?
A technology risk assessment (TRA) function, as the main purpose of the Sr. specialist, technical risk assessment role, provides in-depth security risk evaluation of commercial software applications, networking technologies, cloud services, information technologies that are brought by merger / acquisition targets, and wide deployment / elevated privilege software tools. These cybersecurity risk-based evaluations will outline adherence to MMC information security policy, standards, and practices, and will include evaluation of risk severity and formulation of effective controls or mitigation measures to reduce risk.
What is in it for you?
Be part of a multinational environment in constant evolution where you'll be able to learn, grow and create a future career opportunities across the organization.Extraordinary challenges, extraordinary colleagues, and the opportunity to make a difference.Our rich history has created a client service culture that we believe is second to none. Our commitments to diversity and Inclusion, Corporate Social Responsibility and sustainability demonstrate our commitment to stand for what is right.We’re an equal opportunity employer committed to embracing a diverse, inclusive and flexible work environment.Huge landscape to learn & work on new technologies and apply your skillsEnjoy unlimited access to a vast range of courses and professional training through Udemy to continually enhance your skills and knowledge.We will count on you to:
Engage with service requesting teams to understand the purpose of the information system ─under evaluation─ and requirements for deployment. Review the system’s security capabilities, understand the architectural components and deployment plans and against applicable security standards and controls to ensure alignment to Global Information Security requirements.Participate in larger technology reviews with multiple workstreams and project stakeholders, ensuring the timeliness and quality of the information security review.Produce reports and documentation to enable security and technology team members to understand outcomes of security analysis, including references to appropriate policies and standards and gaps in the solution capability.Ensuring a timely completion of TRA service requests; assess various projects simultaneously by managing the expectation of multiple stakeholders with competing priorities.Collaborate with other Technical Risk Assessment team and technology implementation teams within MMC in the creation and improvement of security implementation guidelines and standards, ensuringalignment to policy. Through training, and collaboration with other technology teams, the Senior Technical Risk Analysts acquire the knowledge, further expertise, and update information and practices to maintaining an excellent level of performance demanded by pervasive security threats and evolving security practicesWhat you need to have:
5+ years of working experience in IT.3+ of explicit working experience in information security, and risk; having performed technical risk identification, evaluation, and risk management processes. Use of risk management instruments and tools,such as risk registers and assessment tools.In-depth knowledge of IT, SDLC, information security, privacy, technical risks evaluation.Deep understanding of identity and access management (IAM) technologies and standards ─inclusive of cloud identity platforms & Microsoft AD─ encryption, networking, firewalls, web applications, onpremises and cloud application hosting environments.In-depth cloud service security and architectureStrong knowledge of NIST and ISO security risk frameworks, controls, and standards.Excellent communication skills in English (C1 level).What makes you stand out?
Exceptional communication skills to all levels of the organization & external contacts.Must be a self-starter, work with limited supervision & be able to work well with others in a globally diverse IT environment..CISSP and/or CSSLP certification is preferred. Other Information Security oriented certifications a plus.If you are interested, please send your CV in English.
Interviews will be held in English.
Marsh McLennan (NYSE: MMC) is the world’s leading professional services firm in the areas of risk, strategy and people. The Company’s 85,000 colleagues advise clients in 130 countries. With annual revenue of over $20 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well being for a changing workforce. Oliver Wyman s serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com, or follow us on LinkedIn and Twitter.
Marsh McLennan is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.
Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local based teams will identify at least one “anchor day” per week on which their full team will be together in person. office or working onsite with clients at least three days per week.