The purpose of this role is to establish and maintain the enterprise vision, strategy and program to ensure that Guy Carpenter’s physical and digital information assets and technologies are adequately protected. Working with business leadership, Operations and Systems colleagues and the MMC Information Security community, the Guy Carpenter Information Security Leader will lead the organization in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology risks. He or she will establish appropriate standards and controls, indirectly manage security technologies and direct the establishment and implementation of policies and procedures.
Reporting to the MMC Global Chief Information Security Officer (CISO) and the Guy Carpenter Chief Information Officer (CIO) (dual reporting), and working with business leadership, operations and systems colleagues and the MMC Information Security community, the Chief Information Security Officer (CISO) – Information Security Leader will:
- Provide leadership to define and implement a risk-based strategy and program to manage our digital and information assets and then continuously review and set/update policies to support the program.
- Participate in key Operations and Systems operating routines to implement and drive information security risk strategy.
- Work with the Operations and Systems team to ensure Guy Carpenter’s applications are developed, enhanced and maintained according to the SDLC and associated security guidelines.
- Work with business colleagues to review RFPs, RFIs etc., and provide security and risk-related input into proposals.
- Collaborate with MMC IT Security and Audit colleagues to help define and ensure MMC-wide consistency of security protocols and risk management.
- Establish appropriate standards and controls, indirectly manage security technologies and direct the establishment and implementation of policies and procedures.
- Monitor internal information security trends and keep business leadership informed about information security-related issues and activities potentially affecting the organization.
- A degree in Computer Science or Information Systems Management or equivalent
- 15+ years in Information Technology or an IT-related field (e.g., IT Audit)
- 10+ years in a senior Security IT role
- Strong subject matter experience in cloud environments/technologies/security, application security, vulnerability testing and development of a risk appetite
- Risk management experience with proven ability to effectively apply risk principles to challenging business situations
- Exceptional executive presentation and communication skills, excellent influencing and problem resolution skills
- Application Life Cycle management and application development experience in the context of a security framework
- Expertise in development and execution of security plans to mitigate risk
- Information Technology security certifications and training will be looked upon favorably