About Oliver Wyman Oliver Wyman Is a Global Leader in Management Consulting

Home , Oliver Wyman

About Oliver Wyman Oliver Wyman is a global leader in management consulting. With offices in 50+ cities across 26 countries, Oliver Wyman combines deep industry knowledge with specialized expertise in strategy, operations, risk management, and organization transformation. Our 4700+ professionals help clients optimize their business, improve their operations and risk profile, and accelerate their organizational performance to seize the most attractive opportunities. Oliver Wyman’s thought leadership is evident in our agenda-setting books, white papers, research reports, and articles in the business press. Our clients are the CEOs and executive teams of the top Global 1000 companies. www.oliverwyman.com

Job specification

Job Title: ITS Security & Risk Analyst Department: OWG ITS Office/Region: Singapore Reports to: Robert Kemp Hours: 09:00 – 18:00 (or 8-hour period during normal working hours with additional hours required)

Job Overview: As a trusted member of the Information Technology Services team, the ITS Security & Risk Analyst ensures that information security of Oliver Wyman Group within our infrastructure, applications and business processes is continuously improved. This includes proactive review and remediation of the current state of ITS security issues, management processes, tools and activities, and providing recommendations for enhancement where appropriate. Candidates will have broad Information Security skills with a solid understanding of cross functional IT Security areas such as Identity & Access Management, Infrastructure Security, Application Security, Data Protection and experience working with a broader team on security products and services.

Key Responsibilities: • Complete security and technology risk related RFP questionnaires from Clients • Manage Client Audit requests & work with responsible ITS teams to develop mitigation plans and ensure audit finding are addressed and remediated • Manage logical security processes, controls and lifecycles are followed efficiently and aligned to deliver compliance with security policies • Act as the point of contact for internal ITS audits, coordinate audit activities, review evidence provided and manage responses for issues identified and published in audit reports • Identify, document, and assess information security vulnerabilities and risks in the information technology environment • Evaluate identified vulnerabilities and risks, working with business owners, risk management, and IT leaders • Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be complete • Provide security consulting and technical assistance with the evaluation, selection, initial set-up and secure deployment of new IT systems • Follow up with compliance tasks related to policies, standards and procedures • Coordinate communication with various stakeholders and provide general support on risk & security related issues

Page 2

Experience Required: . Security Certification (e.g., CompTIA Security+, CISSP, CISM) is a MUST . Minimum 3 years of experience in information security experience . A Bachelors’ degree in Computer Science, MIS, business or equivalent experience is required. An advanced degree (e.g. MBA with concentration in information systems) is a plus

Skills and Attributes: • Excellent written and verbal communication skills • Proven ability to examine, improve and execute the organization's existing security risk assessment processes and procedures • Ability to weigh business risks and enforce appropriate information security measures; excellent documentation and presentation skills; ability to explain information security concepts to audiences outside of the field • Excellent planning & organizational skills • Excellent customer\client service orientation • Polished and professional demeanor • Occasional travel to other offices and firm events

Technical skills: • Strong knowledge of current industry Security standards and best practices (NIST, HITRUST) • Strong technical knowledge in application security, Directory Services (LDAP, AD), Internet/Intranet architecture and design, operating system hardening, vulnerability management and encryption

How to apply: Please send CV and cover letter to: [email protected] or [email protected]

Marsh & McLennan Companies is a global professional services firm providing advice and solutions in the areas of risk, strategy and human capital. It is the parent company of a number of the world's leading risk experts and specialty consultants, including Marsh, the insurance broker and risk advisor; Guy Carpenter, the risk and reinsurance specialist; Mercer, the provider of HR and related financial advice and services; and Oliver Wyman, the management consultancy. With over 60,000 employees worldwide and annual revenue of approximately $13 billion, Marsh & McLennan Companies provides analysis, advice and transactional capabilities to clients in more than 100 countries. Its stock (ticker symbol: MMC) is listed on the New York, Chicago and London stock exchanges. Marsh & McLennan Companies offers competitive salaries and comprehensive benefits and programs including: health and welfare, tuition assistance, retirement, employee assistance program, domestic partnership benefits, career mobility, employee network groups, volunteer opportunities, and other programs. For more information about our company, please visit us at: www.mmc.com. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. For more information, please visit us at: www.mmc.com/diversity.