17 ene
Marsh Mclennan
Xico
Company: Oliver Wyman
Description: Oliver Wyman is a global leader in management consulting. With offices in 70 cities across 30 countries, Oliver Wyman combines deep industry knowledge with specialized expertise in strategy, operations, risk management, and organization transformation. Our 7,000 professionals help clients optimize their business, improve their operations and risk profile, and accelerate their organizational performance to seize the most attractive opportunities.
Job Overview: As a trusted member of the Information Technology Services team, the Senior Security Controls & Risk Analyst ensures that information security of Oliver Wyman Group within our infrastructure,
applications and business processes is continuously improved. This includes proactive review and remediation of the current state of OWG tech security issues, management processes, tools, and activities, and providing recommendations for enhancement where appropriate. Candidates will have broad Information Security skills with a solid understanding of cross functional IT Security areas such as Identity & Access Management, Infrastructure Security, Application Security, Data Protection, and experience working with a broader team on security products and services.
This is a hybrid role that requires 2 days per week in the Mexico City office. There is no option to be fully remote.
Please submit CVs in English Key Responsibilities: Lead and manage security and privacy initiatives within the organization, working closely with the CISO and other senior leaders.Collaborate with various teams across the organization to develop and implement effective security strategies that address business challenges and ensure the protection of sensitive information.Drive implementation of security measures that effectively mitigate risks without hindering operational agility, ensuring seamless integration of security controls into business processes.Develop and deliver persuasive presentations and communications to business and technical stakeholders, advocating for the adoption of security measures and highlighting the importance of addressing security challenges.Foster strong relationships with key stakeholders, including senior leadership, business unit leaders, and IT teams, to gain their support and cooperation in implementing security initiatives.Collaborate with cross-functional teams to integrate security and risk management practices into their operational processes, ensuring that security considerations are embedded throughout the organization.Provide guidance and expertise on security best practices and necessary steps to address security issues, acting as a trusted advisor to both business and technical teams.Conduct security risk assessments and reviews, identifying potential threats and vulnerabilities, and evaluating their potential impact on the organization.Manage and maintain the organization's risk register, ensuring it is up-to-date and accurately reflects the current risk landscape.Develop, implement, and monitor risk mitigation plans to address identified security risks and ensure continuous improvement of security compliance.Assist in the annual review of security policies, standards, and procedures, making recommendations for updates and improvements.Qualifications:
Bachelor's or Master's degree in Information Security, Computer Science, or a related field.English fluency (spoken & written) REQUIREDProfessional security certifications such as CISSP, CISM, CRISC, or similar are highly desirable.A minimum of 5-7 years of experience in information security, with a focus on security risk management.Strong understanding of security frameworks (e.g., NIST, ISO 27001), regulations (e.g., GDPR, HIPAA), and best practices.Proven experience in leading security projects and initiatives.Excellent analytical and problem-solving skills, with the ability to manage complex situations.Strong communication and interpersonal skills,
with the ability to articulate complex security concepts to a non-technical audience.Experience with security technologies (e.g., SIEM, firewalls, IDS/IPS, DLP, endpoint protection) and risk assessment tools.Ability to work independently as well as collaboratively in a team environment.
#J-18808-Ljbffr
Muestra tus habilidades a la empresa, rellenar el formulario y deja un toque personal en la carta, ayudará el reclutador en la elección del candidato.