
Marsh is seeking candidates for the following position based in the Lisbon or Oporto office:
Cybersecurity Risk Consultant
What can you expect?
Join a dynamic team focused on cyber resilience and regulatory compliance;
Identify, evaluate, and mitigate cyber risks for our diverse local and international client portfolio;
Deliver comprehensive risk assessments and strategic recommendations to executive leadership and board memberson severaltopics related with cyber risk management – risk analysis, controls implementations,third-party risk management,incident response and recover, amongst others;
Support clients in strengthening their cybersecurity posture and achieving regulatory compliance;
Collaborate with cross-functional teams including underwriting, claims, and technology partners, when needed.
What's in it for you?
Be part of a multinational organization where you'll be able to learn, grow and develop your career;
Join a dynamic and international business environment with exposure to cutting-edge cyber threats and solutions;
You will have the possibility to access specialized training in cybersecurityand regulatory compliancerisk assessment methodologies, threat intelligence, and industry best practices;
Work closely with experienced cybersecurity professionals, compliance professionalsand industry experts to develop advanced technical and strategic skills;
A permanent contract and generous benefits package, including pension plan, health and life insurance;
For thefirst3 months it's required to work from the office. After that, you can opt for the hybrid working model, which allows you to work from home 2 days per week.
We will count on you to:
Conduct comprehensive cybersecurity risk assessments for enterprise clients;
Analyze vulnerabilities, threat vectors, and potential impact on business operations;
Develop actionable remediation strategies and risk mitigation recommendations;
Stay current with emerging cyber threats, attack methodologies, and regulatory requirements;
Prepare detailed technical and executive-level reports on cyber risk findings;
Elaborate cyber incident response and recover playbooks and strategies;
Develop third-party risk management systems andprocedures;
Collaborate with clients to understand their business environment and risk appetite;
Support underwriting and pricing decisions with expert cyber risk insights;.
Developtrainingandculture sessionsto improve awareness regarding cyber threats,vulnerabilitiesand risksat our clients.
What you need to have:
Degree in Computer Science, Cybersecurity, Information Security, or similar field (or equivalent professional experience);
3 or more years of experience in cybersecurity risk assessment or related cybersecurity roles;
Strong knowledge of cyber threats, vulnerabilities, and security frameworks (NIST, ISO 27000-package1, CIS Controls);
Detail-oriented and organized profile with excellent analytical capabilities;
Strong verbal and written communication skills in English (at least B2 level);
Ideal candidates should be comfortable conducting businessconversationsalsoin Spanish;
Proficiency with cybersecurity assessment tools and frameworks;
Very goodknowledge ofMicrosoftOffice Excel.
Good knowledge ofMicrosoftPowerPoint,
Ideal candidates should be comfortableor at least curiousand interested about Microsoft Power BI.
What makes you stand out?
Advanced technical expertise in network security, application security, or infrastructure protection;
Interest in consulting projects and providing services to clientsin cybersecurity and regulatory compliance;
Relevant certifications such as CISSP, CISM, CEH, or OSCP;
Operationalthinking combined withstrongtechnical capabilities;
Excellent problem-solving abilities and a detail-oriented mindset;
Strong team player with ability to influence and guide stakeholders;
Autonomy and sense of care;
Intellectual curiosity with passion for continuous learning in the cybersecurityand regulatory compliancedomains;
Emotional intelligence and ability to communicate complex cyber risks to non-technical audiences.