IT Security Controls & Risk Analyst

Company:

Oliver Wyman

Description:

IT Security Controls & Risk Analyst

We are seeking an IT Security Controls & Risk Analyst to join our Applications Development team at Oliver Wyman. This role will be based in Mexico City. This is a hybrid role that has a requirement of working at least three days a week in the office. As an IT Security Risk Analyst, you will ensure that information security of Oliver Wyman Group within our infrastructure, applications and business processes is continuously improved.

We will count on you to:

• Support implementation and management of security, compliance and privacy initiatives as required initiatives.
• Assist in conducting security risk assessments and reviews, identifying potential threats and vulnerabilities, and evaluating their potential impact on the organization.
• Contribute to the development, implementation, and monitoring of risk mitigation plans to address identified security risks and ensure continuous improvement of the security compliance.
• Support the Security, Risk and Controls and team with gathering, updating and maintaining data regarding our technology assets, to ensure we are meeting security and compliance standards WRT those assets, and accurately supporting security metrics.
• Support MMC teams working where required to ensure vulnerabilities are addressed and remediated.
• Provide security consulting and technical assistance with the evaluation, selection, initial set-up and secure deployment of new OWG Tech systems as requested.
• Liaise with vendor risk, cloud and application security teams to ensure Tech project assessments are completed when required

What you need to have:

• Bachelor’s or master’s degree in information security, Computer Science, or a related field.
• A minimum of 5-7 years of experience in information security, with a focus on security risk management.
• Strong understanding of security frameworks (e.g., NIST, ISO 27001), regulations (e.g., GDPR, HIPAA), and best practices.
• Excellent analytical and problem-solving skills, with the ability to manage complex situations.
• Strong communication and interpersonal skills, with the ability to articulate complex security concepts to a non-technical audience.
• English fluency (spoken & written) REQUIRED

What makes you stand out:

• Professional security certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
• Proven experience in leading security projects and initiatives.
• Experience with security technologies (e.g., SIEM, firewalls, IDS/IPS, DLP, endpoint protection) and risk assessment tools.

Why join our team:

• We help you be your best through professional development opportunities, interesting work and supportive leaders.
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
• Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.

Marsh McLennan is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.