Consultant - Risk Consulting

Marsh is seeking candidates for the following position based in the Lisbon  or Oporto office: 

Cybersecurity Risk Consultant 

What can you expect? 

• Join a dynamic team focused on cyber resilience and regulatory compliance; 

• Identify, evaluate, and mitigate cyber risks for our diverse local and international client portfolio; 

• Deliver comprehensive risk assessments and strategic recommendations to executive leadership and board members on several topics related with cyber risk management – risk analysis, controls implementations, third-party risk management, incident response and recover, amongst others; 

• Support clients in strengthening their cybersecurity posture and achieving regulatory compliance; 

• Collaborate with cross-functional teams including underwriting, claims, and technology partners, when needed. 

What's in it for you? 

• Be part of a multinational organization where you'll be able to learn, grow and develop your career; 

• Join a dynamic and international business environment with exposure to cutting-edge cyber threats and solutions; 

• You will have the possibility to access specialized training in cybersecurity and regulatory compliance risk assessment methodologies, threat intelligence, and industry best practices; 

• Work closely with experienced cybersecurity professionals, compliance professionals and industry experts to develop advanced technical and strategic skills; 

• A permanent contract and generous benefits package, including pension plan, health and life insurance; 

• For the  first 3 months it's required to work from the office. After that, you can opt for the hybrid working model, which allows you to work from home 2 days per week. 

We will count on you to: 

• Conduct comprehensive cybersecurity risk assessments for enterprise clients; 

• Analyze vulnerabilities, threat vectors, and potential impact on business operations; 

• Develop actionable remediation strategies and risk mitigation recommendations; 

• Stay current with emerging cyber threats, attack methodologies, and regulatory requirements; 

• Prepare detailed technical and executive-level reports on cyber risk findings; 

• Elaborate cyber incident response and recover playbooks and strategies; 

• Develop third-party risk management systems and procedures; 

• Collaborate with clients to understand their business environment and risk appetite; 

• Support underwriting and pricing decisions with expert cyber risk insights;. 

• Develop training and culture sessions to improve awareness regarding cyber threats, vulnerabilities and risks at our clients. 

What you need to have: 

• Degree in Computer Science, Cybersecurity, Information Security, or similar field (or equivalent professional experience); 

• 3 or more years of experience in cybersecurity risk assessment or related cybersecurity roles; 

• Strong knowledge of cyber threats, vulnerabilities, and security frameworks (NIST, ISO 27000-package1, CIS Controls); 

• Detail-oriented and organized profile with excellent analytical capabilities; 

• Strong verbal and written communication skills in English (at least B2 level); 

• Ideal candidates should be comfortable conducting business conversations also in Spanish; 

• Proficiency with cybersecurity assessment tools and frameworks; 

• Very good knowledge of Microsoft Office Excel. 

• Good knowledge of Microsoft PowerPoint, 

• Ideal candidates should be comfortable or at least curious and interested about Microsoft Power BI.  

What makes you stand out? 

• Advanced technical expertise in network security, application security, or infrastructure protection; 

• Interest in consulting projects and providing services to clients in cybersecurity and regulatory compliance; 

• Relevant certifications such as CISSP, CISM, CEH, or OSCP; 

• Operational thinking combined with strong technical capabilities; 

• Excellent problem-solving abilities and a detail-oriented mindset; 

• Strong team player with ability to influence and guide stakeholders; 

• Autonomy and sense of care; 

• Intellectual curiosity with passion for continuous learning in the cybersecurity and regulatory compliance  domains; 

• Emotional intelligence and ability to communicate complex cyber risks to non-technical audiences.