Oliver Wyman is a global leader in management consulting. With offices in 70 cities across 30 countries, Oliver Wyman combines deep industry knowledge with specialized expertise in strategy, operations, risk management, and organization transformation. Our 7,000 professionals help clients optimize their business, improve their operations and risk profile, and accelerate their organizational performance to seize the most attractive opportunities. Oliver Wyman’s thought leadership is evident in our agenda-setting books, white papers, research reports, and articles in the business press. Our clients are the CEOs and executive teams of the top Global 1000 companies.
Visit our website for more details about Oliver Wyman: www.oliverwyman.com
Job Overview:
As a trusted member of the Information Technology Services team, the Senior Security Controls & Risk Analyst ensures that the information security of Oliver Wyman Group (OWG) across our infrastructure, applications and business processes is continuously improved. This includes proactive review and remediation of the current state of OWG tech security issues, management processes, tools, and activities, and providing recommendations for enhancement where appropriate. Candidates will have broad Information Security skills with a solid understanding of cross-functional IT Security areas such as Identity & Access Management, Infrastructure Security, Application Security, and Data Protection, as well as experience working with a broader team on security products and services.
This is a hybrid role that requires 2 days per week in the Mexico City office. There is no option to be fully remote.
**Please submit CVs in English**
Key Responsibilities:
Lead and manage security and privacy initiatives within the organization, working closely with the CISO and other senior leaders.
Collaborate with various teams across the organization to develop and implement effective security strategies that address business challenges and ensure the protection of sensitive information.
Drive implementation of security measures that effectively mitigate risks without hindering operational agility, ensuring seamless integration of security controls into business processes.
Develop and deliver persuasive presentations and communications to business and technical stakeholders, advocating for the adoption of security measures and highlighting the importance of addressing security challenges.
Foster strong relationships with key stakeholders, including senior leadership, business unit leaders, and IT teams, to gain their support and cooperation in implementing security initiatives.
Collaborate with cross-functional teams to integrate security and risk management practices into their operational processes, ensuring that security considerations are embedded throughout the organization.
Provide guidance and expertise on security best practices and necessary steps to address security issues, acting as a trusted advisor to both business and technical teams.
Conduct security risk assessments and reviews, identifying potential threats and vulnerabilities, and evaluating their potential impact on the organization.
Manage and maintain the organization's risk register, ensuring it is up to date and accurately reflects the current risk landscape.
Develop, implement, and monitor risk mitigation plans to address identified security risks and ensure continuous improvement of security compliance.
Assist in the annual review of security policies, standards, and procedures, making recommendations for updates and improvements.
Qualifications:
Bachelor's or Master's degree in Information Security, Computer Science, or a related field.
English fluency (spoken & written) REQUIRED
Professional security certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
A minimum of 5-7 years of experience in information security, with a focus on security risk management.
Strong understanding of security frameworks (e.g., NIST, ISO 27001), regulations (e.g., GDPR, HIPAA), and best practices.
Proven experience in leading security projects and initiatives.
Excellent analytical and problem-solving skills, with the ability to manage complex situations.
Strong communication and interpersonal skills, with the ability to articulate complex security concepts to a non-technical audience.
Experience with security technologies (e.g., SIEM, firewalls, IDS/IPS, DLP, endpoint protection) and risk assessment tools.
Ability to work independently as well as collaboratively in a team environment.
Marsh & McLennan Companies is a global professional services firm providing advice and solutions in the areas of risk, strategy and human capital. It is the parent company of a number of the world's leading risk experts and specialty consultants, including Marsh, the insurance broker and risk advisor; Guy Carpenter, the risk and reinsurance specialist; Mercer, the provider of HR and related financial advice and services; and Oliver Wyman, the management consultancy. With over 81,000 colleagues and annual revenue of nearly $19 billion, Marsh & McLennan Companies provides analysis, advice and transactional capabilities to clients in more than 130 countries. Its stock (ticker symbol: MMC) is listed on the New York, Chicago and London stock exchanges.
Marsh & McLennan Companies offers competitive salaries and comprehensive benefits and programs, career mobility, employee network groups, volunteer opportunities, and other programs. For more information about our company, please visit us at: www.mmc.com. We are committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people regardless of their sex/gender, marital or parental status, ethnic origin, nationality, age, background, disability, sexual orientation, gender identity, gender expression or any other characteristic protected by applicable law.