Security & Risk Analyst
Location: Warsaw, Poland
Company: Oliver WymanJob ID R_055398-en Apply
Oliver Wyman is a global leader in management consulting. With offices in 50+ cities across 26 countries, Oliver Wyman combines deep industry knowledge with specialized expertise in strategy, operations, risk management, and organization transformation. Our 4100+ professionals help clients optimize their business, improve their operations and risk profile, and accelerate their organizational performance to seize the most attractive opportunities. Our clients are the CEOs and executive teams of the top Global 1000 companies. Please visit our website for more detailswww.oliverwyman.com/www.oliverwyman.pl
As a trusted member of the Information Technology Services team, the ITS Security & Risk Analyst ensures that information security of Oliver Wyman Group within our infrastructure, applications and business processes is continuously improved. This includes proactive review and remediation of the current state of ITS security issues, management processes, tools and activities, and providing recommendations for enhancement where appropriate. Candidates will have broad Information Security skills with a solid understanding of cross functional IT Security areas such as Identity & Access Management, Infrastructure Security, Application Security, Data Protection and experience working with a broader team on security products and services.
KEY ROLES AND RESPONSIBILITIES:
- Identify, document, and assess information security vulnerabilities and risks in the information technology environment
- Evaluate identified vulnerabilities and risks, working with business owners, risk management, and IT leaders
- Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be complete
- Monitor appropriate sources for newly identified vulnerabilities, evaluate the risk such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities
- Monitor appropriate industry sources to maintain awareness of new security tools and techniques and research those tools and techniques that have the potential to improve the organization’s ability to protect its information and infrastructure
- Lead or participate in the development of security standards, processes, and procedures
- Work with responsible teams to develop mitigation plans and ensure vulnerabilities are addressed and remediated effectively and efficiently
- Provide security consulting and technical assistance with the evaluation, selection, initial set-up and secure deployment of new IT systems
- Follow up with compliance tasks related to policies, standards and procedures
- Coordinate communication with various stakeholders and provide general support on risk & security related issues
SKILLS AND CREDENTIALS:
- Strong technical knowledge of information security principles, including risk assessment and management, Cyber security defenses, application security, operating system hardening, threat and vulnerability management, encryption, and identity and access management
- Knowledge of Directory Services (LDAP, AD) and Internet/Intranet architecture and design
- Ability to weigh business risks and enforce appropriate information security measures; excellent documentation and presentation skills; ability to explain information security concepts to audiences outside of the field
- Proven ability to examine, improve and execute the organization's existing security risk assessment processes and procedures
- Excellent written and verbal communication skills.
- SharePoint and advanced excel skills a plus
- Excellent planning and organizational skills.
- Excellent customer\client service orientation
- Polished and professional demeanor
- Occasional travel to other offices and firm events
Minimum 3 years of experience in information security experience
- A Bachelors’ degree in Computer Science, MIS, business or equivalent experience is required.
- Security Certification (e.g. CISSP) a plus
- .NET programming, Powershell or Java scripting a major plus
Please send us your CV in English
Oliver Wyman is an equal opportunity employer and a wholly owned subsidiary of Marsh & McLennan Companies. To learn more, please follow us on Facebook, LinkedIn or Twitter: @OliverWyman