IT Lead Security Specialist

IT Lead Security Specialist

We are seeking an IT Lead Security Specialist to join our team at Oliver Wyman. This role will be based in Mexico City. This is a hybrid role that has a requirement of working at least three days a week in the office. As an IT Lead Security Specialist at Oliver Wyman you will design and implement essential security controls that mitigate risks and protect the firms critical assets. Additionally the position involves reviewing assessing and approving business projects to ensure adherence to security policies standards and industry best practices for data protection.

We will count on you to:

Security Risk Management

Partner with the OWG CISO to design and execute a risk-based cybersecurity strategy aligned with OWGs distinct business operating model.

Enable business teams to navigate firm-wide policies and standards leveraging risk-informed exceptions when justified in meeting OWGs differentiated needs.

Lead risk review processes guiding appropriate treatment planning in collaboration with stakeholders.

Monitor and continually improve key security risk metrics ensuring a focus on the reduction of risks to OWGs platforms and applications.

Security Advisory

Advocate for tailored security solutions that meet OWGs unique business needs while maintaining enterprise-wide risk management practices.

Participate in the Architecture Review Board (ARB) actively evaluating designs and decisions. Provide risk-based recommendations informed by security architecture principles fostering secure and scalable design solutions.

Lead the pre-screening assessments for new tools and technologies ensuring compliance with OWG security standards within defined timelines (e.g. 3 business days).

Cloud & Infrastructure Security

Identify assess and communicate security risks and threats to OWGs cloud environments and IT infrastructure.

Lead initiatives to adopt and mature system security practices such as multi-factor authentication encryption-at-rest and advanced logging capabilities.

Coordinate with engineering teams to ensure risks are mitigated swiftly in line with predefined SLAs

Security Control Tech Debt Remediation

Evaluate and remediate technical debt associated with legacy security controls prioritizing resolutions based on risk impact.

Partner with engineering and IT teams to address obsolescence risks and implement sustainable security measures.

Acquisition Security

Collaborate with acquisition teams during due diligence assessing cybersecurity risks and proposing mitigations.

Review and analyze due diligence reports offering strategic input on alignment with OWG security policies.

Guide secure integration planning and execution for post-acquisition scenarios.

What you need to have:

• B.S. in Cybersecurity Information Technology Business Administration or a related field preferred.
• 7 years of experience in cybersecurity with a focus on risk management security advisory and cloud security.
• Extensive experience with IT platforms and infrastructure including public and hybrid cloud environments.
• Extensive experience in security controls technologies and threat countermeasures.
• Demonstrated experience in assessing and managing vendor and third-party cybersecurity risks.
• Excellent written and oral communication skills with the ability to convey complex security concepts to non-technical stakeholders.
• Advanced knowledge of security risks risk management best practices and the ability to develop risk-informed strategies.
• Strong understanding of security frameworks (e.g. NIST ISO 27001) and governance practices relevant to multinational organizations.
• Excellent communication skills in English is a must

Why join our team:

• We help you be your best through professional development opportunities interesting work and supportive leaders.
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues clients and communities.
• Our scale enables us to provide a range of career opportunities as well as benefits and rewards to enhance your well-being.