Security Controls & Risk Manager

Company:

Description:

Security Controls & Risk Manager

We are seeking a Security Controls & Risk Manager to join our team at Oliver Wyman. This role will be based in Mexico City. This is a hybrid role that has a requirement of working at least three days a week in the office. As a Security Controls & Risk Manager at Oliver Wyman, you will lead a geographically distributed team of Security, Controls and Risk Analysts aligned to, and supporting, the OWG Tech function.

We will count on you to:

• Lead a geographically distributed team of Security, Controls and Risk Analysts aligned to, and supporting, the OWG Tech function.
• Oversight and ownership for Security, Risk and Controls projects and initiatives, including full lifecycle, design, execution, and testing.
• Support OWG Tech Projects to ensure compliance with security requirements, data classification, privacy, compliance and core controls.
• Leadership for OWG Cyber Risk tracking, monitoring and reporting. Support Identification of security controls and tasks necessary to remediate Cyber Risk risks within the OWG application landscape, negotiate dates with business owners for remediation to be completed.
• Ownership of designated Security, Risk and control BAU activities, such as technical solution pre-checks, informal security reviews, privacy compliance requirements, website/web app compliance, exception access reviews, and tracking of related issues and action items.
• Identify and provide guidance to business senior management and other stakeholders on information security risks, controls and tasks necessary to prevent risks and address security issues on projects, system changes and new programs.
• Provide guidance and support to other ITS Security teams and to team members on security risk management, compliance and governance issues.
• Support research, solution proposal, technical/administrative tasks and other controls as required by the information security policy and other procedures/guidelines to meet project goals.
• Monitor and champion remediation of risks from Oliver Wyman Group audits, ensuring findings are documented and resolved.
• Support identification of risks associated with inadequate vendor risk management processes; monitor remediation of risks from vendor risk management findings and VRMC process failures.

What you need to have:

• Minimum 7 years’ experience in information security
• A bachelor’s degree in computer science, MIS, business or equivalent experience is required.  An advanced degree is a plus.
• Excellent technical knowledge of information security principles including risk assessment and management, administrative security controls, identity and access management, cyber security defences, encryption, application security, threat, and vulnerability management
• Ability to weigh business risks and enforce appropriate information security measures
• Ability to communicate complex IT security risks and strategies to non-technical stakeholders
• Ability to balance strategic thinking with tactical execution.
• Strong leadership skills, with ability to lead and motivate cross-functional teams to achieve common goals.
• Knowledge of project development lifecycle, secure development lifecycle and ability to assess architecture documents for possible risks, vulnerabilities & threats.
• Excellent written, documentation, planning, presentation, and verbal communication skills with an advance level of English (Mandatory).
• Customer/client service focused

Why join our team:

• We help you be your best through professional development opportunities, interesting work and supportive leaders.
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
• Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.