Senior Specialist, Technical Risk Assessment

Marsh McLennan
New York, NY

The main purpose of the Senior Specialist, Technical Risk Assessment role is to provide an in-depth analysis of the security risk affecting an information system being evaluated by MMC, as a component of MMC's technology onboarding process.

The technical risk assessment (TRA) function, which is the main purpose of the Sr. technical risk analyst role, provides in-depth security risk evaluation of information systems such as software applications, cloud services, potential merger/acquisition targets, and widely deployed or elevated-privilege software tools. These risk-based security evaluations outline adherence to information security policy, standards, and controls, and include enumerations of risks and recommendations for actions or mitigations to reduce risk.

What can you expect?

The most relevant responsibility is the identification of security concerns and the assessment of technical risks in the information systems under evaluation, such as software products, cloud services, applications, databases, and technology implementations.

To perform this main responsibility, the Senior Technical Risk Analysts:

  • Engage with the service requesting team to understand the purpose of the information system under evaluation and its requirements for deployment. Review the solution capability, deployment plans and solution architecture to ensure alignment to Global Information Security requirements.

  • Work with technology teams, technology product owners, architects, application owners, security leaders, and business teams (stakeholders) to identify the information systems’ security capabilities, security gaps, configuration requirements and technical security implementation recommendations.

  • Perform a technical risk evaluation of the information systems, with the goal of determining adherence to MMC Global Information Security requirements. The evaluation covers in-depth technical security aspects, such as: the identification, authentication, and authorization of users, roles, and programs connecting to the information system under evaluation; encryption mechanisms for MMC information assets in transit and at rest; network security; auditing, monitoring, and logging capabilities; system resiliency; the deployment of approved code and images; and the suitability of patching practices and updates.

  • Produce risk reports and documentation to enable the information system's stakeholders to understand the outcomes of the analysis, including technical security implementation recommendations, references to appropriate policies and standards, and gaps in the solution capability.

The Sr. TRA analyst will report directly to the TRA manager, as part of the Information Security IT / Cyber Risk Management organization within Global Information Security.

We will count on you:

  • Engage with service requesting teams to understand the purpose of the information system under
    evaluation and its requirements for deployment. Review the system's security capabilities, architectural
    components and deployment plans against applicable security standards and controls to
    ensure alignment to Global Information Security requirements.

  • Participate in larger technology reviews with multiple workstreams and project stakeholders, ensuring the
    timeliness and quality of the information security review.

  • Produce reports and documentation to enable security and technology team members to understand
    outcomes of security analysis, including references to appropriate policies and standards and gaps in the
    solution capability.

  • Ensure timely completion of TRA service requests; assess various projects simultaneously by managing
    the expectations of multiple stakeholders with competing priorities.

  • Collaborate with other Technical Risk Assessment team members and technology implementation teams within
    MMC in the creation and improvement of security implementation guidelines and standards, ensuring
    alignment to policy.

  • Through training and collaboration with other technology teams, the Senior Technical Risk Analysts
    acquire knowledge, further their expertise, and update information and practices to maintain the excellent
    level of performance demanded by pervasive security threats and evolving security practices.

What you need to have:

  • 10+ years of working experience in IT.

  • 5+ years of explicit working experience in information security and risk, having performed technical risk
    identification, evaluation, and risk management processes. Use of risk management instruments and tools,
    such as risk registers and assessment tools.

  • In-depth knowledge of IT, SDLC, information security, privacy, and technical risk evaluation.

  • Deep understanding of identity and access management (IAM) technologies and standards (inclusive of
    cloud identity platforms & Microsoft AD), encryption, networking, firewalls, web applications, on-premises,
    and cloud application hosting environments.

  • In-depth knowledge of cloud service security and architecture.

  • Strong knowledge of NIST and ISO security risk frameworks, controls, and standards.

What makes you stand out?

  • Exceptional communication skills at all levels of the organization & with external contacts.

  • Must be a self-starter, work with limited supervision & be able to work well with others in a globally
    diverse IT environment.

  • Experience coding/scripting with common languages such as JavaScript, Python & Perl is preferred.

  • CISSP and/or CSSLP certification is preferred. Other information security oriented certifications are a plus.

What is in it for you?

  • A company with a strong brand and strong results to match.

  • Culture of internal mobility, collaboration, and valued partnerships.

  • Competitive pay (salary and performance bonus potential).

  • Full benefits package – starting day one (medical, dental, vision, life insurance, 401k match AND contribution).

About MMC.

Marsh is the world’s leading insurance broker and risk adviser. With over 35,000 colleagues operating in more than 130 countries, Marsh serves commercial and individual clients with data-driven risk solutions and advisory services. Marsh is a business of Marsh McLennan (NYSE: MMC), the leading global professional services firm in the areas of risk, strategy and people. With annual revenue approaching US $17 billion and 76,000 colleagues worldwide, MMC helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses: Marsh, Guy Carpenter, Mercer, and Oliver Wyman. Follow Marsh on Twitter @MarshGlobal; LinkedIn; Facebook; and YouTube or subscribe to BRINK.

Marsh McLennan and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers.


The applicable base salary range for this role is $82,600 to $165,200.

The base pay offered will be determined on factors such as experience, skills, training, location, certifications, education, and any applicable minimum wage requirements. Decisions will be determined on a case-by-case basis. In addition to the base salary, this position may be eligible for performance-based incentives.

We are excited to offer a competitive total rewards package which includes health and welfare benefits, tuition assistance, 401K savings and other retirement programs as well as employee assistance programs.
