Associate Director - Cyber Security Risk Vulnerability Scoring

Gurugram - DLF Building, India

Marsh McLennan

Marsh McLennan is the world’s leading professional services firm in risk, strategy and people. We bring together experts from across our four global businesses — Marsh, Guy Carpenter, Mercer and Oliver Wyman — to help make organizations more...


Company:

MMC Corporate

Description:

  • We are seeking a talented individual to join our GIS Team at MMC Corporate. This role will be based in Gurgaon. This is a hybrid role that requires working at least three days a week in the office.

    Associate Director - Cyber Security Risk Vulnerability Scoring

  • What can you expect?
    • To oversee and manage the Cybersecurity Risk Adjusted Vulnerability Scoring (RAVS) Program. This enterprise-level initiative is critical to transforming the measurement, prioritization, and response to cybersecurity vulnerabilities by leveraging integrated systems, threat intelligence, and contextual organizational data.

    We will count on you to:

    Program Oversight  
    1.  Lead the development, implementation, and ongoing management of the enterprise RAVS program.
    2.  Integrate data from vulnerability scanners, CMDB, threat intel feeds, cybersecurity systems, and internal business systems to generate dynamic risk-adjusted vulnerability scores.
    3.  Collaborate with internal teams across cybersecurity, IT, risk, business units, and data analytics to continuously refine RAVS logic and scoring models.
    4.  Develop an operational playbook and prioritization framework that aligns vulnerability response to true business risk.

    RAVS Day-to-Day Operations and Risk Management

    1.  Monitor, triage, and escalate enterprise vulnerabilities based on RAVS output and threat indicators.

    2.  Provide real-time situational awareness and technical direction during vulnerability-related incidents and assessments.

    3.  Ensure integration and alignment between RAVS and enterprise vulnerability management platforms, SIEM, SOAR, threat intel, and cloud security tools.

    4. Track remediation efforts, metrics, SLA and SLO adherence, and risk decisions.
    5.  Generate executive-level dashboards and reports to communicate vulnerability risk posture and trends.

    Platform Management

    1.  Oversee functionality and data quality for critical systems.

    2.  Manage the operational health and data flows between vulnerability detection systems, threat intelligence sources, asset inventories, and risk engines.

    3. Ensure business context and asset criticality are mapped into the RAVS platform to support accurate risk prioritization.

    4. Cross-collaborate with detection engineering and VMED to maintain score calculation logic, rule sets, and automation flows.

    5. Maintain process documentation, operational runbooks, and continuous improvement workflows for all integrated components.

    Leadership and Collaboration

    1.  Cross Functional Collaboration: Support and collaborate with development, business CISOs, operations, and cloud teams across the enterprise to ensure effective vulnerability management practices.

    2. Support VMED with various project-based initiatives (creation of KPIs, onboarding of new tools, etc.).
    3.  Drive ongoing assessments of the RAVS program’s effectiveness and identify areas for tuning, optimization, or automation.

    4. Collaborate with governance, risk, and compliance teams to align scoring outcomes with organizational risk thresholds and reporting needs.
    5. Lead training and onboarding of cross-functional stakeholders who interact with the RAVS platform and outputs.
    6. Partner with Security Operations and other Detection & Response Teams (DART) to embed RAVS data into incident response and remediation workflows.
    7.  Support audit and regulatory readiness activities by ensuring RAVS processes and records meet enterprise and compliance standards.

    What you need to have:

    • Security Cloud Tools: Assist with the evaluation and selection of vulnerability management tools that integrate seamlessly with various cloud environments and provide fine-grained access controls and CMDB attributes such as asset ownership.
    • Integration: Integrate the security cloud tools with other security tools and systems, including SIEM solutions, change ticketing systems, etc.
    • Launch awareness campaigns to promote secure practices and vulnerability management, emphasizing the unique challenges of cloud environments.
    • CISSP, CISM, AWS Certified Security Specialist, or similar advanced cloud security certifications preferred.

    What makes you stand out?

    • 10+ years of experience in vulnerability management, incident response, cloud security, or cybersecurity-related fields, with at least 3 years’ experience in a senior technical role.

    Why join our team:

    • We help you be your best through professional development opportunities, interesting work and supportive leaders.
    • We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
    • Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

    Marsh McLennan (NYSE: MMC) is the world’s leading professional services firm in the areas of risk, strategy and people. The Company’s more than 85,000 colleagues advise clients in over 130 countries. With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well-being for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com, or follow us on LinkedIn and X.

    Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

    Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.


Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.


Tags: Analytics Automation AWS CISM CISSP Cloud Compliance DART Data Analytics Governance Incident response KPIs Risk management SIEM SLAs SLOs SOAR Strategy Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Career development Flex hours Health care Insurance

Regions: Remote/Anywhere Asia/Pacific
Country: India
