Job Description

We are seeking a motivated and collaborative leader to develop and implement our Global Cyber & IT Risk Management strategies. This role will lead the Global 3rd Party Risk Management Team, supporting vendor risk assessments and working closely with teams to identify, assess, and address risks to critical services, information, and systems. This is a hybrid role (3 days a week in office, 2 days a week remote).

Director, IT Risk Management

We will count on you to:

Develop and support global cyber and IT risk management strategies aligned with business goals. Lead the Global 3rd Party Risk Management Team in conducting vendor risk assessments and facilitating remediation efforts. Collaborate to develop risk models that assess and quantify risks to critical services, information, and systems. Maintain current and comprehensive vendor inventories and assessments. Prepare reports, presentations, and dashboards for executive leadership to communicate risk posture and emerging threats. Continuously enhance Vendor Risk Assessment methodologies to align with evolving industry standards and best practices. Foster a skilled team environment to effectively perform risk assessments and maintain strong client communication. Partner with vendors to establish cybersecurity and resilience standards within contracts. Coordinate global internal audits, client assessments, and security reviews related to third-party risk. Participate in incident response activities involving third parties, collaborating across teams to reduce exposure. Engage with operational leaders to identify emerging risks and co-develop risk-reducing solutions. Adapt and scale risk management processes to address new and evolving threats, including those related to AI and advanced technologies.

What you need to have:

Experience in cyber and IT risk management, preferably in a global or cross-functional environment. Strong interpersonal and leadership skills with experience supporting diverse, collaborative teams. Knowledge of vendor risk assessment and third-party risk management practices. Effective communication skills, able to engage with internal and external stakeholders at all levels. Familiarity with current cybersecurity frameworks, standards, and best practices. Ability to develop and apply risk models and metrics-based reporting. Experience partnering in contract negotiations related to cybersecurity and resilience. Understanding of incident response processes and cross-functional collaboration. Demonstrated ability to innovate and adapt processes to meet evolving threats, including AI-related risks.

What makes you stand out:

Proven track record of leading global teams in cyber and IT risk management. Experience driving continuous improvement in vendor risk assessment methodologies. Strong ability to build partnerships with vendors and internal stakeholders to enhance cybersecurity resilience. Expertise in emerging technologies and their associated risks, including AI. Ability to communicate complex risk concepts clearly to executive leadership and diverse audiences.

Why join our team:

We help you be your best through professional development opportunities, interesting work and supportive leaders. We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities. Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.


Marsh McLennan????????????????? (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer????????????????? and Oliver Wyman?????????????????. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com?????????????????, or follow on ?????????????????LinkedIn????????????????? and X.



Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, veteran status (including protected veterans), or any other characteristic protected by applicable law. If you have a need that requires accommodation, please let us know by contacting reasonableaccommodations@mmc.com.



Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one "anchor day" per week on which their full team will be together in person.



The applicable base salary range for this role is $168,900 to $337,900.


The base pay offered will be determined on factors such as experience, skills, training, location, certifications, education, and any applicable minimum wage requirements. Decisions will be determined on a case-by-case basis. In addition to the base salary, this position may be eligible for performance-based incentives.



We are excited to offer a competitive total rewards package which includes health and welfare benefits, tuition assistance, 401K savings and other retirement programs as well as employee assistance programs.