Senior Manager - Cloud Infra Vulnerability

Job Description For Posting

We are seeking a talented individual to join our GIS Team at MMC Corporate This role will be based in Gurgaon/Noida. This is a hybrid role that has a requirement of working at least three days a week in the office.

Senior Manager - Cyber Security Cloud Infrastructure Vulnerability Management

What can you expect?

• To oversee and manage the security posture of the organizations entire cloud environment across all regions globally.
• This critical role requires a deep understanding of cloud security principles, Cloud Service Provide (CSP) platforms, and the ability to leverage sophisticated cloud tooling to proactively identify, detect, assess, report vulnerabilities and threats.     

We will count on you to:

Cloud Security Management

1.         Multi Cloud Expertise: Possess in depth knowledge of leading cloud platforms (AWS, Azure, GCP, etc.) and their security best practices.

2.         Develop and implement a comprehensive cloud security strategy aligned with industry standards and the organization’s risk tolerance.

3.         Proactively access and harden cloud infrastructure configurations to minimize attack surface and potential vulnerabilities.

4.         Identity and Access Management (IAM): Enforce and maintain granular IAM policies across all cloud environments to ensure least privilege access.

Vulnerability Detection and Threat Response

1.         Perform continuous asset discovery to identify and track all cloud resources, including servers, databases, storage, network devices, etc.

2.         Conduct regular, continuous, and adhoc vulnerability scanning to identify and prioritize security vulnerabilities and potential threats.

3.         Monitor for emerging threats and zero day vulnerabilities utilizing threat detection and response program.

4.         Identify and remediate misconfigurations that can lead to security breaches.

5.         Container Security. Ensure the security of containerized workloads by scanning images for vulnerabilities and enforcing best practices.

6.         Collaborate and lead remediation teams on plans for identified vulnerabilities, leveraging the security cloud vulnerability’s automation capabilities where applicable.

7.Prioritization of security patch management to ensure timely patching of security vulnerabilities in cloud infrastructure and applications based on vendor recommendation.

8.         Generate regular reports on vulnerabilities, trends, remediation progress, and security cloud posture.

Cloud Security VM Operations

1.         Standardization: Enforce established security policies and procedures across all cloud environments.

2.         Compliance Management: Maintain compliance with industry regulations (e.g., GDPR, NYDFS, Privacy, etc.) and internal security policies.

3.         Security Incident Response: Assist in IR investigations and remediation of cloud security incidents, leveraging the security cloud system’s vulnerability tool to analyze activities, logs, and identify root causes.

Security Cloud System’s Vulnerability Tool

1.         Advance the tool’s configuration: Assessment of configurations policies, rules, and alerts to maximize its effectiveness in identifying and mitigating cloud vulnerabilities and security risks.

2.         Analyze data generated by the tool to identify trends, patterns, and potential security issues.

3.         Maintain and support custom automation workflows within the tool streamline remediations processes and improve efficiency.

4.        Integrate the tool with broader security tools (SIEM, CMDB, SOAR, SOC, etc.) to create a comprehensive security informed program

5.         Actively monitor the tool’s alerts and notifications, prioritizing critical security vulnerabilities and issues.

a.         Alert triage and prioritization to accurately assess the severity and potential impact of alerts, assigning appropriate priority levels.

b.         Ensure remediation management to create and manage remediation tasks to timely resolve identified vulnerabilities and misconfigurations.

c.         Maintain SLA adherence to monitor and resolve alert response and remediation times.

d.         Conduct thorough root cause analysis through investigations to determine the root cause of vulnerability remediation failures and implement alternative solutions.

e.         Generate regular reporting and metrics on vulnerabilities and threats for alert trending and remediation effectiveness.

What you need to have:

• Security Cloud Tools: Assist with the evaluation and selection of vulnerability management tools that integrate seamlessly with various cloud environments and provide fine granular access controls and CMDB attributers such as asset ownership.
• Integration: Integrate the security cloud tools with other security tools and systems, including the SIEM solutions, change ticketing systems, etc
• Launch awareness campaigns to promote secure practices and vulnerability management, emphasizing the unique challenges of cloud environments.
• Collaborate with development, business CISOs, operations, and cloud teams to ensure effective vulnerability management practices throughout the SDLC, cloud, and production environments.

What makes you stand out?

• Experience in Cyber Cloud Infrastructure Vulnerability Management

Why join our team:

• We help you be your best through professional development opportunities, interesting work and supportive leaders.
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
• Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh McLennan (NYSE: MMC) is the world’s leading professional services firm in the areas of risk, strategy and people. The Company’s more than 85,000 colleagues advise clients in over 130 countries.  With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter  develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer  delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well being for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com, or follow us on LinkedIn and X.

Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person