The Global Information Security (GIS) team within Marsh McLennan is looking for an IT Controls Specialist who will be responsible for helping build and maintain our organization’s security control documentation, manage control evidence to support compliance, and assist with mapping those controls to various NIST standards, policy, legal and regulatory requirements.
We are looking for a candidate who is interested in how the IT controls management process works and wants to learn from a highly skilled, experienced team. This position offers an excellent opportunity for a motivated individual to gain valuable experience in the areas of IT audit and regulatory compliance while developing a strong foundation for a successful career in technology risk management and control implementation.
The ideal candidate likes challenges and opportunities to develop innovative approaches to satisfy various program needs, and keeps pace with the rest of the team. The candidate will collaborate closely with senior members of the Controls Inventory team, internal IT teams and various business operations teams to identify and prioritize the mitigation of identified control gaps within our organization, as well as to develop plans to remediate them. The role will include but not be limited to three main functions:
Audit Support – Working closely with GIS audit remediation team to manage internal and external IT audit requirements and their findings, map the controls required to comply with audit requirements, and identify any gaps that may exist in the controls environment for future consideration.
Regulatory Compliance – Partnering with Privacy and Compliance to identify regulations around the globe that impact our organization, and the establishment of the IT controls needed to comply.
Security Control Alignment – Identification, mapping and tracking evidence of our ability to meet the controls outlined by the National Institute of Standards and Technology (NIST).
The role will report to the Information Security Audit and Controls Senior Manager.
WHAT YOU CAN EXPECT:
A fast-paced environment with great culture and leadership.
Passionate team members who are dedicated to business enablement.
Autonomy to deliver in your role, while getting strong support from senior team members and management to collaborate across the organization.
WE WILL COUNT ON YOU TO:
Have good analytical and research skills to review and understand the data being extracted from existing reports, tools, etc. within the MMC and regulatory environments, and how to effectively parse that data and translate into actionable elements.
Perform as a highly organized individual who can operate independently while also supporting his/her team at the detail necessary to be successful.
Provide relevant information to key stakeholders to effectively manage information and risk across the organization.
Work with Privacy and Compliance to identify the regulations impacting our organization, the IT Controls in place that support the regulatory requirements, and any gaps that need to be closed.
Collaborate across IT teams to develop and track plans to close compliance and IT Control gaps.
Partner with Information Security and IT teams across the globe to develop a comprehensive Enterprise IT Controls Inventory.
WHAT YOU NEED TO HAVE:
Knowledge of information systems, software and security related products and services.
Significant experience with Microsoft Office Suite.
The ability to articulate business/technical requirements to IT teams and business users.
Great people skills and ability to establish partnerships and collaborate at various levels.
Demonstrated ability to meet deadlines in a fast-paced environment.
Excellent verbal and written communication skills.
Relevant internships or work experience in IT audit, risk management, or information security.
WHAT MAKES YOU STAND OUT?
Knowledge of Security frameworks including NIST CSF, NIST SP800-53 and ISO 27001.
Knowledge of regulatory laws impacting global IT organizations (e.g., Sarbanes-Oxley, NYDFS Cybersecurity Regulation, CPS 234, China PIPL, etc.).
Knowledge of MMC’s risk and compliance landscape (SOC 2, PCI DSS, SOX) and IT General Computer Controls (GCC’s).
WHAT’S IN IT FOR YOU?
Great culture, talented team, and supportive leadership
Flexible working options
Standard MMC Salary Package
Standard MMC Colleague Benefits
Work in a diverse culture and global team
If you are interested, please send your CV in English.
Interviews will be held in English.
Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.
Marsh McLennan is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.
Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.