Description

IT Lead Security Specialist

We are seeking an IT Lead Security Specialist to join our team at Oliver Wyman. This role will be based in Mexico City. This is a hybrid role that has a requirement of working at least three days a week in the office. As an IT Lead Security Specialist at Oliver Wyman, you will design and implement essential security controls that mitigate risks and protect the firm's critical assets. Additionally, the position involves reviewing, assessing, and approving business projects to ensure adherence to security policies, standards, and industry best practices for data protection.

We will count on you to:

Security Risk Management

• Partner with the OWG CISO to design and execute a risk-based cybersecurity strategy aligned with OWG's distinct business operating model.

• Enable business teams to navigate firm-wide policies and standards, leveraging risk-informed exceptions when justified in meeting OWG's differentiated needs.

• Lead risk review processes, guiding appropriate treatment planning in collaboration with stakeholders.

• Monitor and continually improve key security risk metrics, ensuring a focus on the reduction of risks to OWG's platforms and applications.

Security Advisory

• Advocate for tailored security solutions that meet OWG's unique business needs while maintaining enterprise-wide risk management practices.

• Participate in the Architecture Review Board (ARB), actively evaluating designs and decisions. Provide risk-based recommendations informed by security architecture principles, fostering secure and scalable design solutions.

• Lead the pre-screening assessments for new tools and technologies, ensuring compliance with OWG security standards within defined timelines (e.g., 3 business days).

Cloud & Infrastructure Security

• Identify, assess, and communicate security risks and threats to OWG's cloud environments and IT infrastructure.

• Lead initiatives to adopt and mature system security practices, such as multi-factor authentication, encryption-at-rest, and advanced logging capabilities.

• Coordinate with engineering teams to ensure risks are mitigated swiftly in line with predefined SLAs

Security Control Tech Debt Remediation

• Evaluate and remediate technical debt associated with legacy security controls, prioritizing resolutions based on risk impact.

• Partner with engineering and IT teams to address obsolescence risks and implement sustainable security measures.

Acquisition Security

• Collaborate with acquisition teams during due diligence, assessing cybersecurity risks and proposing mitigations.

• Review and analyze due diligence reports, offering strategic input on alignment with OWG security policies.

• Guide secure integration planning and execution for post-acquisition scenarios.

What you need to have:

• B.S. in Cybersecurity, Information Technology, Business Administration, or a related field preferred.
• 7+ years of experience in cybersecurity, with a focus on risk management, security advisory, and cloud security.
• Extensive experience with IT platforms and infrastructure including public and hybrid cloud environments.
• Extensive experience in security controls, technologies, and threat countermeasures.
• Demonstrated experience in assessing and managing vendor and third-party cybersecurity risks.
• Excellent written and oral communication skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Advanced knowledge of security risks, risk management best practices, and the ability to develop risk-informed strategies.
• Strong understanding of security frameworks (e.g., NIST, ISO 27001) and governance practices relevant to multinational organizations.
• Excellent communication skills in English is a must

Why join our team:

• We help you be your best through professional development opportunities, interesting work and supportive leaders.
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
• Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.

Marsh McLennan is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one "anchor day" per week on which their full team will be together in person.