Oliver Wyman – ITS Risk & Controls Analyst - Mexico City - Ciudad de México

Company:Oliver Wyman Description: About Us Oliver Wyman is a global leader in management consulting. With offices in 50+ cities across 26 countries, Oliver Wyman combines deep industry knowledge with specialized expertise in strategy, operations, risk management, and organization transformation. Our 4100+ professionals help clients optimize their business, improve their operations and risk profile, and accelerate their organizational performance to seize the most attractive opportunities. Our clients are the CEOs and executive teams of the top Global 1000 companies. Key Tasks and Responsibilities Ensure privacy, risk and compliance requirements are addressed in project scope and deployment for assigned projects Assist with assigned risk and control activities, such as Logical Security initiatives, access reviews and privacy compliance requirements, tracking issues and action items, and documenting progress across security & risk initiatives Support preparation and remediation activities for Oliver Wyman Group audits, including researching the status of specific controls and determining compliance levels against company policies and procedures. Guide stakeholder in activities to meet security and compliance levels. Assist in designing and developing supporting frameworks and tools for the security, controls and risk group and for compliance and risk projects Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be complete Support Security & Risk driven projects and initiatives, through participation in full lifecycle including oversight, tracking, administrative tasks, research, solution proposal and technical tasks as required to meet project goals, when assigned Monitor appropriate sources for newly identified vulnerabilities, evaluate the risk such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities Evaluate identified vulnerabilities and risks, working with business owners, risk management, and IT leaders on assigned projects Work with responsible teams to develop mitigation plans and ensure vulnerabilities are addressed and remediated effectively and efficiently, as needed Identify, document, and assess information security vulnerabilities and risks in the information technology environment in conjunction with vendor and privacy assessment teams Support internal project development teams to ensure all mandated technical security requirements are met, including adherence to the SSDLC, compliance with required data classification security controls, and other controls required by the information security policy and other procedures or guidelines Other duties: Carry out any other tasks given by the Line Manager within the scope of the job to ensure effective delivery and development of the service. Skills and credentials Good technical knowledge of information security principles including: risk assessment and management, administrative security controls, identity and access management, cyber security defenses, encryption, application security, threat and vulnerability management Ability to weigh business risks and enforce appropriate information security measures; good documentation and presentation skills; Experience in information systems auditing a plus Knowledge of project development life cycle, secure development life cycle and the ability to assess an architecture documents for risks, vulnerabilities & threats SharePoint and advanced Excel a plus Knowledge of Directory Services (LDAP, AD) and Internet/Intranet architecture and design a plus Excellent written and verbal communication skills Great planning and organizational skills Customer/client service focused Polished and professional demeanor Experience required Minimum 3 years’ experience in information security A Bachelors’ degree in Computer Science, MIS, business or equivalent experience is required. An advanced degree (e.g. MBA with concentration in information systems) is a plus Information Systems Auditing Certification (e.g. CISA) or Security Certifications (e.g. CISSP) a plus Experience in some form of basic UI development for Access, SharePoint or SQL a plus How to Apply Please send CV (in English) to arlette.reich@oliverwyman.com Marsh & McLennan Companies and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers. Marsh & McLennan Companies and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers.