Job Profile: Manager, Cyber Risk Consulting, Marsh
Location: Mumbai
MMC Business Unit: Marsh
MMC Office Name: Marsh McLennan (India) Private Limited (MMIPL)
MMIPL Function: Knowledge Services
Marsh is a global leader in insurance broking and risk management. In more than 130 countries, our experts in every facet of risk and across industries help clients to anticipate, quantify, and more fully understand the range of risks they face.
Marsh Advisory is the consultative branch of Marsh, which operates internationally and provides solutions for the increasing needs of our clients to implement risk management programs within their organization. Marsh Advisory helps companies to change their risk profiles so they can improve resiliency, reduce claims, and minimize the total cost of risk. Businesses today regularly tackle multiple challenges; whether facing property and casualty, cyber, reputational, or other risks, Marsh Advisory can help.
The global Cyber Risk Consulting (CRC) practice of Marsh Advisory supports customers to understand, estimate and mitigate cyber risks. This role is open in Marsh McLennan (India) Private Limited (MMIPL), a global in-house center for MMC Group. The MMIPL in Mumbai has a function called ‘Knowledge Services’ which supports the MMC group by providing specialized services. Under the Knowledge Services function, there is the Marsh Advisory team, which supports the global clients and colleagues. This role will initiate a new service line for the Marsh Advisory team in Mumbai, which entails supporting the CRC colleagues in execution of the cyber consulting projects.
What can you expect?
- Collaborate with the CRC practice in Pacific for delivery of the practice's value proposition in the regions.
- Provide complete support to delivery of the desired deliverables as per the agreed scope of work with the client, and provide an efficient delivery model for Marsh CRC practice.
- Play a key role in leading the delivery of multiple CRC projects.
- Responsible for review and training of junior colleagues to ensure the deliverable is as per the expected quality framework.
- Occasional travel within Pacific region for client engagements and collaboration with the CRC practice.
We will count on you to:
- Conduct comprehensive vulnerability assessments and penetration tests on web applications, networks, mobile applications, cloud environments, and other IT infrastructure components.
- Conduct secure code reviews and software development lifecycle (SDLC) security review.
- Conduct secure configuration review.
- Conduct red team exercises, including social engineering assessments, as required.
- Identify, exploit, and document security vulnerabilities and provide actionable remediation recommendations.
- Develop and execute detailed test plans and methodologies tailored to client environments.
- Collaborate with development, IT, and security teams to communicate findings and assist in remediation efforts.
- Stay current with the latest security testing methodologies, threats, vulnerabilities, and industry best practices.
- Mentor junior penetration testers and contribute to the continuous improvement of testing methodologies.
- Participate in incident response activities and provide expert advice on security incidents.
- Ensure compliance with relevant security standards and regulations (e.g., OWASP, NIST, PCI-DSS, ISO 27001).
- Conduct research on the clients' cybersecurity risk areas and prepare a point of view for consulting.
- Support the team towards constant innovation of cybersecurity approach and go-to-market strategy.
- Understand different domains within cybersecurity space and demonstrate passion.
- Be on track to build a specialization and demonstrate specialist knowledge in cybersecurity.
- Contribute research support for building robust CRC practice deliverables.
- Maintain key project track records and detailed process documentation.
- Delivery of the projects would be done either remotely or onsite depending on the client requirement.
- Ability to motivate the team members and take the high road to ensure client success.
- Build proposals and pitch to potential clients, including developing compelling presentations and effectively communicating the value proposition of the Cyber Risk Consulting practice.
What you need to have:
The candidate must possess the following attributes:
- Post Graduate or equivalent from an institute of repute.
- 4 to 6 years of professional experience in the VAPT/cybersecurity consulting domain in Big 4 or boutique firms.
- At least one professional cybersecurity certification (e.g., eJPT, CRTP, OSCP, or any other hands-on penetration testing certification) is mandatory.
- Strong knowledge of network protocols, operating systems (Windows, Linux, Unix), and security technologies.
- Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, Nessus, and others.
- Experience with scripting and programming languages (e.g., Python, Bash, PowerShell, JavaScript).
- Familiarity with cloud platforms (AWS, Azure, GCP) and their security models.
- Excellent analytical, problem-solving, and communication skills.
- Familiarity with data analytics and visualization tools such as Power BI.
- Ability to work independently and as part of a team in a fast-paced environment.
- Strong ethical standards and commitment to confidentiality.
- Ability to develop quality reports, presentations, project trackers.
- Should be proficient in MS Office applications such as Word, PowerPoint, and Excel. Basic knowledge of Project, Teams, and Visio.
- Effective communicator who is able to share insights with clients/stakeholders.
- Smart, collaborative, relationship and outcome focused with the ability to make decisions where ambiguity exists.
- Ability to demonstrate sound judgment in the prioritization of competing work assignments, escalation of issues and the formulation of solutions.
- Effective organization skills with key attention to detail and delivery of high quality documentation with the ability to implement/influence change.
- Strong sense of business ethics and principles.
- Excellent English language skills, both verbal and written with the ability to communicate technical matters to a non-technical audience.
What is good to have:
- Bug bounty record.
- Vulnerability publications including CVEs.
- Experience in developing accelerators for delivery efficiency.
- Operational or emerging technologies knowledge is a plus.
- Experience with DevSecOps and integrating security into CI/CD pipelines.
- Knowledge of compliance frameworks and regulatory requirements.
- Experience with threat modeling and vulnerability management programs.
- Ability to conduct red team exercises and advanced adversary simulation.
- Fluency in a foreign language constitutes an advantage.
MARSH & MCLENNAN:
Marsh & McLennan (NYSE: MMC) is the world's leading professional services firm in the areas of risk, strategy and people. The Company's 76,000 colleagues advise clients in over 130 countries. With annualized revenue approaching $17 billion, Marsh & McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh advises individual and commercial clients of all sizes on insurance broking and innovative risk management solutions. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Marsh delivers advice and technology-driven solutions that help organizations meet the health, wealth and career needs of a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit mmc.com, follow us on LinkedIn and Twitter @mmc_global or subscribe to BRINK.
Marsh & McLennan Companies and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers.
MARSH:
Marsh is a global leader in insurance broking and risk management. In more than 130 countries, our experts in every facet of risk and across industries help clients to anticipate, quantify, and more fully understand the range of risks they face. We work with clients of all sizes to define, design, and deliver innovative solutions to better quantify and manage risk. We offer risk management, risk consulting, insurance broking, alternative risk financing, and insurance program management services to businesses, government entities, organizations, and individuals around the world. To every client interaction, we bring an unmatched combination of deep intellectual capital, industry-specific expertise, global experience, and collaboration. Since 1871, clients have relied on Marsh for trusted advice, to represent their interests in the marketplace, make sense of an increasingly complex world, and help turn risks into new opportunities for growth. Our more than 30,000 colleagues work on behalf of our clients, who are enterprises of all sizes in every industry, and include individuals, multinational organizations, and government entities worldwide. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. Visit www.marsh.com for more information and follow us on LinkedIn and Twitter @MarshGlobal
Marsh Risk is a business of Marsh (NYSE: MRSH), a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $24 billion and more than 90,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information about Marsh Risk, visit marsh.com, or follow us on LinkedIn and X.
Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.
Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.
R_330513