Cyber Security Risk Specialist
As a key member of the Global Information Security Assessment and Incident Response team, the Cyber Security Risk Specialist is principally responsible for ensuring the global organization consistently adheres to its technology security policies and best practices through the implementation and use of sophisticated technical security risk assessment tools and methods. The Cyber Security Risk Specialist works closely with a wide range of audiences, to include CIOs, CROs, Global Compliance Officers, the CISO and various technical teams from Legal and HR to IT experts to assess and ensure superior security controls remain effective at protecting millions in revenue generating capability. The role blends a unique highly technical skillset in Information Technology and Information Security with outstanding business acumen and communication skills in order to understand and convey complex Information Security concepts and solutions globally and at all levels in the organization. The role must use advanced critical thinking and problem solving methods to operate flawlessly in high-pressure situations to protect the firm from advanced persistent threats and proactively identify probable risk areas across the business applications and systems to thwart active attacks.
Responsibilities
- Globally identify, document, measure and communicate technical Information Security Risks across the organization's data networks, systems, and applications using standard company toolsets and assessment processes to identify significant risk and attack surfaces which threaten the firm's revenue generating capabilities.
- Build enhanced risk assessment methodologies to effectively communicate technical attack threats to executive level business leaders in business terms.
- Monitor and research industry information sources for zero-day threats and emerging Information Security trends and vulnerabilities impacting the organization and its ability to serve its customers.
- Recommend, direct, and implement best in class technology and business process solutions to mitigate and reduce threat globally.
- Influence technical and strategic direction of the Information Security function as it relates to keeping information secure and available for all MMC clients and staff.
- Strong knowledge across a wide range of technical information security disciplines and solutions is required, e.g. firewalls, VPN, PKI, network and host IDS/IPS, vulnerability & risk assessment tools and methods, penetration testing, encryption, malware identification, containment and prevention, e-mail security, Active Directory and group policies, two-factor authentication, common Windows (desktop & server) OS, OSX, various UNIX/Linux platforms, TCP/IP, SIEM and other common security toolsets.
- Significant experience operating commercial and open-source computer forensics tools (e.g. EnCase, FTK), ability to use command line tools and write simple scripts as needed to remotely analyze systems to harvest user activity, malware identification, etc. Demonstrate understanding of common vulnerabilities and threats affecting widely deployed software and methods to identify and remediate such issues.
- Understanding and awareness of common computer forensic techniques, proper evidence handling, etc.
- Must be results focused -- an expert problem solver with a strong desire to constantly research and master new concepts, technologies and solutions related to Information Security quickly and apply to ongoing tasks and deliverables.
- Must have meaningful experience conducting, supporting, or managing computer forensics investigations, computer incident response activities, and malware analysis
- Must demonstrate excellent written and verbal communication skills. Must be able to effectively lead meetings and conference calls involving IT, legal/HR, and/or client contacts and write security incident and investigative reports.
- Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members. Must be able to work well with others in a globally and culturally diverse environment. Must be able to successfully prioritize and manage to completion multiple complex tasks and deliverables. Must be able to speak clearly to conduct teleconferences.
- Must possess and demonstrate the highest degrees of integrity and accountability in all actions. Must be highly dependable and available on-call outside normal business hours as needed in response to critical security incidents and other events. Must be available for occasional travel (
- Related industry certifications a plus such as GCIH, GCFA, GCFE, or EnCE
- (4-year college) B.S. or B.A. Degree, Computer Science or relevant field.
- Minimum 10 years of combined incident, forensic, cyber risk and threat management experience required
Marsh & McLennan Companies is a global professional services firm offering clients advice and solutions in the areas of risk, strategy and people. Marsh is a leader in insurance broking and risk management; Guy Carpenter is a leader in providing risk and reinsurance intermediary services; Mercer is a leader in talent, health, retirement and investment consulting; and Oliver Wyman is a leader in management consulting. With annual revenue of $13 billion and approximately 60,000 colleagues worldwide, Marsh & McLennan Companies provides analysis, advice and transactional capabilities to clients in more than 130 countries. The Company is committed to being a responsible corporate citizen and making a positive impact in the communities in which it operates. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. For more information, please visit us at: www.mmc.com/diversity. Visit http://www.mmc.com/ for more information and follow us on LinkedIn and Twitter @MMC_Global
Marsh & McLennan Companies offers competitive salaries and comprehensive benefits and programs including: health and welfare, tuition assistance, 401K, employee assistance program, domestic partnership benefits, career mobility, employee network groups, volunteer opportunities, and other programs. For more information about our company, please visit us at: http://www.mmc.com/.
Marsh & McLennan Companies and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers
Marsh & McLennan Companies are four organizations—Marsh, Mercer, Guy Carpenter, and Oliver Wyman—that share a purpose of helping clients meet challenges and seize opportunities. As a unique professional services firm, Marsh & McLennan Companies boasts a global network of 60,000 experts in risk strategy, helping complex organizations manage risks and make the most of their opportunities, their capital, and their people.