Senior Manager - IT Risk Management

We are seeking a talented individual to join our IT Risk Management team at Mercer as a Senior Manager - IT Risk Management . This role will be based in Toronto. This is a hybrid role that has a requirement of working at least three days a week in the office.

The Senior Manager - IT Risk Management role will lead a small but important team to ensure the global security organization runs smoothly and efficiently. This includes the development of strategies and programs to deliver security training and awareness materials across the firm, the optimization of cybersecurity program metrics delivered to our executives, and the continued improvement and maintenance of our security policies and associated standards. The role will also assist in managing project and operating budgets.

The successful candidate will be a strong manager and will report directly to the Shared Services Chief Information Security Officer and Head of Security Governance. The role will require strong collaboration capability and agile approaches interacting with leaders and SME’s within MMC Tech and across other functions. The deliverables, materials and outputs of this role are consumed by all employees (>90,000) with an executive leadership being a key stakeholder, so communication capability is paramount. This role has high impact and high visibility across the IT leadership team globally with the direct ability to influence security strategy, impact, and effectiveness.

We will count on you to:

• Perform as a manager and leader who is highly organized and able to operate at senior levels while also supporting your team at the detail necessary to be successful.
• Work closely with security leaders and your team to execute effective training and awareness strategies.
• Mature, simplify and better communicate the security policies and standards for the organization.
• Continually enhance and improve the delivery of our Information Security Program metrics and KPI’s to our senior executives.
• Partner closely with our communications teams to deliver awareness communications, town halls and board level presentations.
• Lead the development and execution of a comprehensive strategy to deliver effective security training and awareness content ensuring our colleagues are kept abreast of the latest attacks against them, how to identify end user-based threats, and how to report nefarious behaviors to our security team. Develop role-based security training for higher risk areas of our company and oversee the annual re-certification process of the training through the company learning management system
• Develop and maintain an online security presence to include security mailbox, web portal content, security trust portal, SharePoint online content, and a digital awareness library.
• Improve, simplify and expand our security policies and standards. Enhance the methods for the delivery and ease of use
• Partner with internal teams to clarify our processes and procedures ensuring that effective controls are in place
• Oversee and participate in the Policy Council to ensure we have effective governance and communications around policy creation across MMC Tech.
• Manage, advertise and improve our online SharePoint and digital awareness library.
• Manage and maintain the Trust package used to inform clients of our security controls and program.
• Oversee the development and maintenance of the security metrics used to aggregate all cybersecurity KPI and metric data used in risk committee presentations, board of director oversight, and operationally to effectively manage our security program. Develop reporting and presentation materials used by the business and global CISO roles for consistency in security program reporting
• Lead and provide budget and project governance oversight to ensure the security organization financials are accurate, aligned to strategy, assist with updating month forecasts, track schedule and budget efficacy for security programs and ultimately ensure our processes and procedures are well documented and available to those who need and use them.
• Partner with our communications team to deliver effective communications, board decks, town halls, etc.
  
  

What you need to have:

• An undergraduate or graduate degree in IT Management, Computer Information Systems (CIS), or equivalent.
• M.S. / MBA a plus.
• 5-10 years working within Information Technology
• 5+ years working in Cybersecurity
• Significant experience with developing security training and awareness materials within a large enterprise.
• Significant experience with writing and developing enterprise level security policies.
• Experience with implementing effective security controls.
• Experience managing teams and developing staff.
• Experience producing executive level security metrics.
• Significant experience with Microsoft Office Suite
  
  

What makes you stand out?

• The leader of the team must have exceptional written and oral communication skills and be able to deliver materials suited for executives.
• Demonstrated ability to meet deadlines in a fast-paced environment and perform at a very high-level.
• Great people skills and ability to establish partnerships and collaborate and various levels.
• Knowledge of Security frameworks including NIST CSF, NIST SP800-53 and ISO 27001.
• CISSP or CISM a plus
  
  

Why join our team:

• We help you be your best through professional development opportunities, interesting work and supportive leaders.
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
• Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.
  
  

Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $23 billion and more than 85,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.

Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age background, civil partnership status, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law. We are an equal opportunities employer. We are committed to providing reasonable adjustments in accordance with applicable law to any candidate with a disability to allow them to fully participate in the recruitment process. If you have a disability that may require reasonable adjustments, please contact us at [email protected].

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.

R_285890