Associate Director - Cyber Security Risk Vulnerability Scoring

 Company: MMC Corporate
  
 Description: 

We are seeking a talented individual to join our GIS Team at MMC Corporate This role will be based in Gurgaon. This is a hybrid role that has a requirement of working at least three days a week in the office.Associate Director - Cyber Security Risk Vulnerability Scoring

What can you expect

To oversee and manage the Cybersecurity Risk Adjusted Vulnerability Scoring (RAVS) Program. This enterprise-level initiative is critical to transforming the measurement, prioritization, and response to cybersecurity vulnerabilities by leveraging integrated systems, threat intelligence, and contextual organizational data

We will count on you to:
Program Oversight 1. Lead the development, implementation, and ongoing management of the enterprise RAVS program.2. Integrate data form vulnerability scanners, CMDB, threat intel feeds, cybersecurity systems, and internal business systems to generate dynamic risk adjusted vulnerability scores.3. Collaborate with internal teams across cybersecurity, IT, risk, business units, data analytics to continuously refine RAVS logic and scoring models.4. Develop operational playbook and prioritization framework that aligns vulnerabilities response to true business risk.
RAVS Day-to- Day Operations and Risk Management
1. Monitor, triage, and escalate enterprise vulnerabilities based on RAVS output and threat indicators.2. Provide real-time situational awareness and technical direction during vulnerability-related incidents and assessments.3. Ensure integration and alignment between RAVS and enterprise vulnerability management platforms, SIEM, SOAR, threat intel, and cloud security tools.4. Track remediation efforts, metrics, SLAs & SLOs adherence, and risk decisions.5. Generate executive-level dashboards and reports to communicate vulnerability risk posture and trends.Platform Management
1. Oversee functionality and data quality for critical systems.2. Managing the operational health and data flows between vulnerability detection system, threat intelligence sources, asset inventories, and risk engines.3. Ensuring business context and asset criticality are mapped into RAVS platform to support accurate risk prioritization.4. Cross coloration with detection engineering and VMED to maintain score calculation logic, rule sets, and automation flows.5. Maintaining process documentation, operational runbooks, and continuous improvement workflows for all integrated components.Leadership and Collaboration1. Cross Functional CollaborationSupport and collaborate with development, business CISOs, operations, and cloud teams across the enterprise to ensure effective vulnerability management practices.2. Support VMED with various project-based initiatives (creation of KPIs, onboarding of new tools, etc.).3. Drive ongoing assessments of RAVS programs effectiveness, identify areas for tuning, optimization, or automation.4. Collaborate with governance, risk, and compliance teams to align scoring outcomes with organizational risk thresholds and reporting needs.5. Lead training and onboarding of cross-functional stakeholders who interact with RAVS platform and outputs.6. Partner with Security Operations and other Detection & Response Teams (DART) to embed RAVS data into incident response and remediation workflows.7. Support audit and regulatory readiness activities by ensuring RAVS processes and records meet enterprise and compliance standards.What you need to have:

Security Cloud ToolsAssist with the evaluation and selection of vulnerability management tools that integrate seamlessly with various cloud environments and provide fine granular access controls and CMDB attributers such as asset ownership.

IntegrationIntegrate the security cloud tools with other security tools and systems, including the SIEM solutions, change ticketing systems, etc

Launch awareness campaigns to promote secure practices and vulnerability management, emphasizing the unique challenges of cloud environments.

CISSP, CISM, AWS Certified Security Specialist, or similar advanced cloud security certifications preferred.

What makes you stand out

10+ Years Experience in Vulnerability Management, incident response, cloud security, or cybersecurity related fields, with at least 3 years experience in a senior technical role.

Why join our team:

We help you be your best through professional development opportunities, interesting work and supportive leaders.

We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.

Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh McLennan(NYSEMMC) is the worlds leading professional services firm in the areas ofrisk, strategy and people. The Companys more than 85,000 colleagues advise clients in over 130 countries.With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses.Marshprovides data-driven risk advisory services and insurance solutions to commercial and consumer clients.Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well being for a changing workforce. Oliver Wymanserves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com, or follow us onLinkedInandX.Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person Attachments  Marsh McLennan (NYSEMMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businessesMarsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.
  
  
Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.  Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person.