Director - IT Risk Management

Company:

Marsh Corporate

Description:

We are seeking a talented individual to join our GIS Team at Marsh. This role will be based in Pune. This is a hybrid role that has a requirement of working at least three days a week in the office.

Director, Cyber & IT Risk Management

The Global Information Security (GIS) team at Marsh is seeking a motivated and collaborative leader to develop and implement our Global Cyber & IT Risk Management strategies. We are looking for a forward-thinking leader to help shape and advance our global risk management strategy across cyber and IT risk management, third party risk management, technical risk assessment, and AI risk. In this role, you will lead a high-performing team and partner across the organization to identify, assess, and manage risks to critical services, information, systems, vendors, and emerging technologies.

WHAT YOU CAN EXPECT:

  • A fast-paced environment with great culture and leadership.
  • Passionate team members who are dedicated to business enablement.
  • Autonomy to deliver in your role, while getting strong support from management to collaborate across the organization.

WE WILL COUNT ON YOU TO:

  • Develop, lead, and continuously enhance global cyber and IT risk management strategies aligned with business objectives and risk appetite.
  • Lead and develop a large, diverse team responsible for cyber, IT, third-party, technical, and AI-related risk activities.
  • Oversee third party risk management activities, including vendor risk assessments, remediation tracking, and coordination of internal and external reviews.
  • Lead technical risk assessment efforts to evaluate risks to systems, applications, infrastructure, and critical services.
  • Collaborate with business, technology, security, and operational leaders to identify emerging risks and implement practical risk-reducing solutions.
  • Develop and maintain risk models, metrics, and reporting to quantify risk exposure and support decision-making.
  • Prepare clear, actionable reports, dashboards, and presentations for executive leadership and governance forums.
  • Strengthen and evolve risk management methodologies, control assessment processes, and governance practices in line with industry standards and best practices.
  • Partner with internal stakeholders and external providers to establish appropriate cybersecurity, resilience, and risk requirements.
  • Support incident response, issue management, and remediation efforts involving technology, vendors, and third-party dependencies.
  • Advance the organization’s approach to AI risk by helping assess governance, control expectations, and emerging technology exposure.
  • Build a strong team culture focused on accountability, collaboration, service excellence, and continuous improvement.
  • Own risk appetite definition and risk acceptance process, including approvals and documentation.
  • Lead cyber tabletop exercises and serve as part of the incident command structure for major incidents; coordinate crisis communications with Legal/Comms.
  • Collaborate with Business Continuity & Disaster Recovery leads to align cyber risk and resilience strategies.

WHAT YOU NEED TO HAVE:

  • Extensive experience in cyber and IT risk management, ideally in a global, complex, or highly regulated environment.
  • Demonstrated experience leading teams and managing multi-disciplinary risk responsibilities.
  • Strong knowledge of third party risk management, technical risk assessment, and cybersecurity risk frameworks.
  • Ability to develop and apply risk models, metrics, and reporting to communicate risk clearly to executive audiences.
  • Excellent communication and relationship-building skills, with the ability to influence across all levels of the organization.
  • Experience partnering with technology, security, legal, procurement, audit, and operational teams.
  • Strong understanding of risk governance, issue management, incident response, and remediation processes.
  • Familiarity with AI-related risks, emerging technologies, and the evolving control environment.
  • Proven ability to drive process improvement, operational excellence, and scalable risk management practices.
  • GRC/TPRM platforms: hands-on experience with platforms like OneTrust, BitSight, or similar.
  • Data protection: encryption, key management, and DLP (Data Loss Prevention) controls.
  • Deep technical knowledge across cloud, infrastructure, application security, identity, and modern architecture.
  • Education: Bachelor’s degree in Computer Science, Information Security, Engineering, or related field required; Master’s degree preferred.

WHAT MAKES YOU STAND OUT?

  • Proven success leading global teams across cyber, IT, and enterprise risk functions.
  • Experience building and maturing integrated risk management programs beyond traditional third party risk.
  • Strong track record of influencing senior stakeholders and executive leadership.
  • Deep understanding of technical risk domains and emerging technology risks, including AI.
  • Ability to simplify complex risk concepts and translate them into clear business decisions.
  • A collaborative leadership style that builds strong teams, improves performance, and drives accountability.
  • Certifications (preferred): CISSP, CISM, CRISC, CCSP, or ISO 27001 Lead Implementer/Auditor; certification or coursework in AI risk governance is advantageous.
  • Knowledge of GDPR, India Data Protection rules, SOC 2, ISO 27001, NIST CSF, and other relevant financial/insurance regulations.
  • Experience supporting external audits, attestations, and regulatory examinations.

WHY JOIN OUR TEAM?

  • We help you be your best through professional development opportunities, interesting work and supportive leaders.
  • We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
  • Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $24 billion and more than 90,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information, visit corporate.marsh.com, or follow us on LinkedIn and X.

Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $27 billion and more than 95,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information, visit corporate.marsh.com, or follow us on LinkedIn and X.
