Consultant - Risk Consulting

Marsh is seeking candidates for the following position based in the Lisbon  or Oporto office:

Cybersecurity Risk Consultant

What can you expect?

• Join a dynamic team focused on cyber resilience and regulatory compliance;

• Identify, evaluate, and mitigate cyber risks for our diverse local and international client portfolio;

• Deliver comprehensive risk assessments and strategic recommendations to executive leadership and board members on several topics related with cyber risk management – risk analysis, controls implementations, third-party risk management, incident response and recover, amongst others ;

• Support clients in strengthening their cybersecurity posture and achieving regulatory compliance;

• Collaborate with cross-functional teams including underwriting, claims, and technology partners, when needed.

What's in it for you?

• Be part of a multinational organization where you'll be able to learn, grow and develop your career;

• Join a dynamic and international business environment with exposure to cutting-edge cyber threats and solutions;

• You will have the possibility to access specialized training in cybersecurity and regulatory compliance risk assessment methodologies, threat intelligence, and industry best practices;

• Work closely with experienced cybersecurity professionals , compliance professionals and industry experts to develop advanced technical and strategic skills;

• A permanent contract and generous benefits package, including pension plan, health and life insurance;

• For the first 3 months it's required to work from the office. After that, you can opt for the hybrid working model, which allows you to work from home 2 days per week.

We will count on you to:

• Conduct comprehensive cybersecurity risk assessments for enterprise clients;

• Analyze vulnerabilities, threat vectors, and potential impact on business operations;

• Develop actionable remediation strategies and risk mitigation recommendations;

• Stay current with emerging cyber threats, attack methodologies, and regulatory requirements;

• Prepare detailed technical and executive-level reports on cyber risk findings;

• Elaborate cyber incident response and recover playbooks and strategies;

• Develop third-party risk management systems and procedures;

• Collaborate with clients to understand their business environment and risk appetite;

• Support underwriting and pricing decisions with expert cyber risk insights ; .

• Develop training and culture sessions to improve awareness regarding cyber threats, vulnerabilities and risks at our clients .

What you need to have:

• Degree in Computer Science, Cybersecurity, Information Security, or similar field (or equivalent professional experience);

• 3 or more years of experience in cybersecurity risk assessment or related cybersecurity roles;

• Strong knowledge of cyber threats, vulnerabilities, and security frameworks (NIST, ISO 27000-package 1 , CIS Controls);

• Detail-oriented and organized profile with excellent analytical capabilities;

• Strong verbal and written communication skills in English (at least B2 level);

• Ideal candidates should be comfortable conducting business conversati ons also in Spanish ;

• Proficiency with cybersecurity assessment tools and frameworks;

• Very good knowledge of Microsoft Office Excel .

• Good knowledge of Microsoft PowerPoint,

• Ideal candidates should be comfortable or at least cu rio us and interested about Microsoft Power BI. 

What makes you stand out?

• Advanced technical expertise in network security, application security, or infrastructure protection;

• Interest in consulting projects and providing services to clients in cybersecurity and regulatory compliance ;

• Relevant certifications such as CISSP, CISM, CEH, or OSCP;

• Operational thinking combined with strong technical capabilities;

• Excellent problem-solving abilities and a detail-oriented mindset;

• Strong team player with ability to influence and guide stakeholders;

• Autonomy and sense of care ;

• Intellectual curiosity with passion for continuous learning in the cybersecurity and regulatory compliance domain s ;

• Emotional intelligence and ability to communicate complex cyber risks to non-technical audiences.

Marsh Risk is a business of Marsh (NYSE: MRSH), a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $27 billion and more than 95,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information about Marsh Risk, visit marsh.com, or follow us on LinkedIn and X.

Marsh is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.