Manager - Cyber Risk Consulting

We are seeking a talented individual to join our Risk Consulting team at Marsh Mc Lennan. This role will be based in Mumbai/Gurgaon. This is a hybrid role that has a requirement of working at least three days a week in the office.

Marsh
is a global leader in insurance broking and risk management. In more than 130 countries, our experts in every facet of risk and across industries help clients to anticipate, quantify, and more fully understand the range of risks they face.

Marsh Advisory
is the consultative branch of Marsh, which operates internationally and provides solutions in the increasing needs of our clients to implement risk management programs within their organization.Marsh Advisory helps companies to change their risk profiles so they can improve resiliency, reduce claims, and minimize the total cost of risk. Businesses today regularly tackle multiple challenges; whether facing property and casualty, cyber, reputational, or other risks, Marsh Advisory can help.

The global
Cyber Risk Consulting
(CRC) practice of Marsh Advisory supports customers to understand, estimate and mitigate cyber risks. This role is open in Marsh McLennan (India) Private Limited (MMIPL) a global in-house center for MMC Group. The MMIPL in Mumbai has a function called 'Knowledge Services' which supports the MMC group by providing specialized services. Under the Knowledge Services function, there is Marsh Advisory team, which supports the global clients and colleagues, this role will initiate a new service line for Marsh Advisory team in Mumbai, which entails supporting the CRC colleagues in execution of the cyber consulting projects.

.

We will count on you to:

• Conduct comprehensive vulnerability assessments and penetration tests on web applications, networks, mobile applications, cloud environments, and other IT infrastructure components.
• Conduct secure code reviews and software development lifecycle (SDLC) security review.
• Conduct secure configuration review.
• Conduct red team exercise including social engineering assessments as required.
• Identify, exploit, and document security vulnerabilities and provide actionable remediation recommendations.
• Develop and execute detailed test plans and methodologies tailored to client environments.
• Collaborate with development, IT, and security teams to communicate findings and assist in remediation efforts.
• Stay current with the latest security testing methodologies, threats, vulnerabilities, and industry best practices.
• Mentor junior penetration testers and contribute to the continuous improvement of testing methodologies.
• Participate in incident response activities and provide expert advice on security incidents.
• Ensure compliance with relevant security standards and regulations (e.g., OWASP, NIST, PCI-DSS, ISO
• Conduct research on the clients cybersecurity risk areas and prepare a point of view for consulting.
• Support the team towards constant innovation of cybersecurity approach and go-to-market strategy.
• Understand different domains within cybersecurity space and demonstrate passion.
• Is on track to build specialization to demonstrate specialist knowledge in cybersecurity.
• Contribute in research support for building a robust CRC practice deliverables.
• Will be responsible to maintain key project track record and detailed process documentations.
• Delivery of the projects would be done either remotely or onsite depending on the client requirement.
• Ability to motivate the team members and take the high road to ensure client success.
• Build proposals and pitch to potential clients, including developing compelling presentations and effectively communicating the value proposition of the Cyber Risk Consulting practice.

What you need to have:

The candidate must possess the following attributes:

• Post Graduate or equivalent from an institute of repute.
• 4 to 6 years professional experience in VAPT/cybersecurity consulting domain in Big 4 or boutique firms.
• At least one of the following Professional cyber security certifications (e.g. eJPT, CRTP, OSCP, or any other hands on penetration testing certification) would be mandatory.
• Strong knowledge of network protocols, operating systems (Windows, Linux, Unix), and security technologies.
• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, Nessus, and others.
• Experience with scripting and programming languages (e.g., Python, Bash, PowerShell, JavaScript).
• Familiarity with cloud platforms (AWS, Azure, GCP) and their security models.
• Excellent analytical, problem-solving, and communication skills.
• Familiarity with data analytics and visualization tools such as Power BI.
• Ability to work independently and as part of a team in a fast-paced environment.
• Strong ethical standards and commitment to confidentiality.
• Ability to develop quality reports, presentations, project trackers.
• Should be proficient in Ms. Office applications such as Word, PowerPoint, and Excel. Basic knowledge in Project, Teams, and Visio.
• Effective communicator who is able to share insights with clients/stakeholders.
• Smart, collaborative, relationship and outcome focused with the ability to make decisions where ambiguity exists.
• Ability to demonstrate sound judgment in the prioritization of competing work assignments, escalation of issues and the formulation of solutions.
• Effective organization skills with key attention to detail and delivery of high quality documentation with the ability to implement/influence change.
• Strong sense of business ethics and principles.
• Excellent English language skills, both verbal and written with the ability to communicate technical matters to a non-technical audience.

What makes you stand out:

• Bug bounties record.
• Vulnerability publications including CVEs.
• Experience in developing accelerators for delivery efficiency.
• Operational or emerging technologies knowledge is a plus.
• Experience with DevSecOps and integrating security into CI/CD pipelines.
• Knowledge of compliance frameworks and regulatory requirements.
• Experience with threat modeling and vulnerability management programs.
• Ability to conduct red team exercises and advanced adversary simulation.
• Fluency in foreign language constitutes an advantage.

Why join our team:

• We help you be your best through professional development opportunities, interesting work and supportive leaders
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities
• Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being

Marsh, a business of Marsh McLennan (NYSE: MMC), is the world's top insurance broker and risk advisor. Marsh McLennan is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit , or follow on LinkedIn and X.

Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one "anchor day" per week on which their full team will be together in person.