We are seeking a talented individual to join our Risk Consulting Team at Marsh. This role will be based in Lima, México or Colombia. This is a hybrid role that has a requirement of working at least three days a week in the office.
This position will be working with the Canadian Cyber Risk Consulting Practice, with a reporting line to the practice leader based in Toronto, and serving clients mostly based in Canada. This role is responsible for:
Work autonomously as an expert in the OT cyber risk and security space to support Marsh’s business in a department which is experiencing a double-digit annual growth rate.
Be a part of Marsh’s cyber risk consulting practice offering multiple types of cyber risk assessments and cybersecurity transformation projects. These offerings are supported by the strategic position of Marsh Brokerage within the cyber insurance market.
Offer expertise to our extensive client base throughout Canada and in other regions as necessary.
Client and team related travel to Canada and in the rest of the Americas for in-person meetings and/or site visits. Potential travel beyond the Americas based on clients’ needs.
We will count on you to:
Actively contribute to thought leadership and business development, internally and externally.
Take the lead for one or more type of offerings such as for example “OT Security Services”, “OT Monitoring Solutions”, “Cyber Incident Response Planning”, “Cyber Risk Quantification”, etc.
Lead client engagements by conducting security program assessments, cybersecurity transformations, security architecture reviews, etc.
Remain up to date on the latest cyber-attack techniques and cybersecurity solutions
Build and maintain excellent relationships with prospects and client organizations, as well as our internal network of client facing colleagues who open doors to new project opportunities
What you need to have:
Excellent English speaking and writing capabilities (main language of work)
Completion of relevant certifications: GCIP, GICSP, ICSP, ISASecure, CISSP, CISM, etc.
Degree in Computer Science, OT Security, Information Security, or related field. Alternatively strong field / hands-on experience in OT and OT Security.
7-15 years of experience in OT Security
At least 5 years of experience in an advisory or external consulting capacity
A strong ability and experience of analyzing client needs in order to design, propose and manage consulting projects, including facilitation of workshops and production of deliverables.
A strong degree of technical familiarity with site and enterprise security architecture (PCLs and HMI, Firewalls and other Network Security Devices, Virtualization, Storage, Backups Technology, OT Monitoring Solutions, SIEMs, EDRs, etc.), Network Protocols, Operating Systems, OT Specific Solutions.
A strong knowledge and experience of using major cybersecurity frameworks in security assessment projects (IEC 62443, NIST 800-82, NIST CSF / 800-61, CIS 18, ISO 27001, etc.)
A strong understanding of security management domains such as: Vulnerability and Configuration Management, Network and Application Security Testing, Incident Response Planning & Table-Top Exercises, Disaster Recovery Planning, Email and Web Security, Security Awareness, Vendor Risk Management, Secure Software Development Practices, etc.
A strong knowledge with possible hands-on exposure to Cyber Incident Management, IT Forensics, Penetration Testing and/or Quantification of Cyber Risk Scenarios would be a plus
Experience working and managing projects in a fast-paced environment under tight timelines
Research and analytical skills with the ability to clearly and articulately identify and define problems and develop creative solutions to address client needs
Excellent communication skills (written and verbal), including ability to develop and deliver presentations, lead interviews, and facilitate client workshops
Proven relationship development and management skills with demonstrated ability to interact, establish credibility and engender trust with a wide range of professionals across all levels
What makes you stand out?
Strong capabilities/Experience in IT security (in addition to OT security)
A network of industry contacts that can serve as a business development platform
Fluent in French and/or Portuguese (assuming any candidate is by default bilingual in Spanish and English)
Why join our team:
We help you be your best through professional development opportunities, interesting work and supportive leaders.
We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.
* If you are interested in applying for this job please is mandatory that both your application and cv are submitted in English *
Marsh Risk is a business of Marsh (NYSE: MRSH), a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $27 billion and more than 95,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information about Marsh Risk, visit marsh.com, or follow us on LinkedIn and X.Marsh is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.