Architect (CISO)
Location: Gurgaon
Experience: 12-16 Years
Minimum Qualification: B.Tech Graduates
About The Role
The Information Security Architect will participate in the secure software development lifecycle of Mercer applications. He or she will be part of the Mercer Information Security team, and will collaborate with other IT teams including operations, infrastructure, and application development. This person will report to Mercer’s CISO.
Key Responsibilities
- The Information Security Architect is a business-oriented information security engineering role: a subject matter expert in information security who will design, develop, and maintain IT security programs and processes for the Mettl platform and other Mercer applications.
- Supports executive strategies, and fundamentally ensures the security of the information Mercer is entrusted to protect.
- Conducts industry research on new and emerging security technologies and identifies approaches to improve upon existing processes and practices.
- Work directly with the business to facilitate security risk assessments and risk management processes.
- Engage in new and existing application projects to provide guidance and direction for all aspects of the SSDLC.
- Assist in the identification, prioritization, and remediation of application vulnerabilities.
- Design compensating controls and mitigation strategies to reduce technical and business risk with regard to application security and data protection.
- Assist with other application security programs as needed.
- Research industry best practices and maintain technical expertise to remain relevant in the industry.
- Assist with the overall business technology planning, providing current knowledge and a future vision of technology and systems.
- Liaise with Marsh McLennan colleagues and stakeholders and navigate the system to continue with the IT deployment plan in place to achieve the business objectives.
- Integrate Mercer | Mettl security framework with Marsh McLennan policies.
Ideal Candidate
- Degree in business administration or a technology-related field required.
- Professional security management certification.
- Minimum of 12 to 16 years of experience in a combination of risk management, information security and IT jobs.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
- Information security related certification such as CISA/CISM/CISSP.
- Excellent written and verbal communication skills and high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Experience with contract and vendor negotiations and management including managed services.
- Specific experience in Agile (scaled) software development or other best-in-class development practices.
- Demonstrated experience with developing and implementing an information security awareness and training program.
- Experience with cloud computing/elastic computing across virtualized environments.
Keywords
CISA, ISO 27001, Cyber security, NIST.