Job Description

Information Security Risk and Compliance Analyst - Mercer

Location: USA/Remote

Mercer is seeking an Information Security Risk & Compliance Analyst. The purpose of this Information Security Risk Analyst role is to support the Information Security Risk and Compliance functions at Mercer. This role reports to the Information Security Risk and Compliance Leader.

What can you expect?

* Be a member of a large information security team which can provide growth and career opportunities
* Gain experience working in a large complex organization
* Explore emerging technologies
* Join a company with strong values and culture

What is in it for you?

* Career Growth in a company where performance is rewarded with new opportunities
* High visibility internally and externally
* The estimated salary range for this role is from $100,000 to $115,000 with the final salary being determined on an individual basis taking into consideration factors such as:
Candidates Experience
Candidates Education
Any additional certifications/credentials
* We are excited to offer the following benefits to all of our colleagues: - Health and welfare benefits - Tuition assistance - 401K and other

We will count on you to:

* Assist in the Information Security Risk Management process by documenting, organizing, monitoring, tracking, and reporting on information security risks to address compliance and regulatory requirements while aligning with and supporting Mercers risk posture
* Collect, document, track, follow-up, and report on information security risk exceptions
* Manage quarterly changes to the Information Security Portal
* Respond to information security awareness-related questions
* Document, monitor, follow-up, and report on non-approved use of technical cloud services
* Map company security policies and procedures to industry standards and regulatory requirements
* Work with key internal and external technical stakeholders for security-related responses and evidence for client request for proposal (RFP) questionnaires and audits
* Schedule, track, follow-up, and report on role-based information security training
* Track and report on annual privacy and security awareness training

What you need to have:

* A Bachelors degree or equivalent work experience in information security, accountancy, audit, information systems, or other related field of study
* 2-3 years of work experience in IT audit, IT security, or IT risk management work
* Basic understanding of risk concepts, including risk identification, evaluation, mitigation, and measurement
* Familiarity of GDPR, PCI-DSS, HIPAA/HITECH, NIST, Information Security CPS234, and other relevant information security and data protection regulations and standards.
* Strong communication, organizational skills, interpersonal, and collaborative skills
* Proficient knowledge of Microsoft Office products including Excel, Word, and PowerPoint
* Capable of handling a variety of ad-hoc requirement
* Experience in a service-oriented organization serving many stakeholders globally
* Detail-oriented and excels in a fast-paced dynamic environment
* Natural curiosity and tenacity

At Mercer, we make a difference in the lives of more than 110 million people every day by advancing their health, wealth, and careers. We are in the business of creating more secure and rewarding futures for our clients and their employees whether we are designing affordable health plans, assuring income for retirement or aligning workers with workforce needs. Using analysis and insights as catalysts for change, we anticipate and understand the individual impact of business decisions, now and in the future. We see peoples current and future needs through a lens of innovation, and our holistic view, specialized expertise, and deep analytical rigor underpin each idea and solution we offer. For more than 70 years, we have turned our insights into actions, enabling people around the globe to live, work, and retire well. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. At Mercer, we say we Make Tomorrow, Today. Visit www.mercer.com for more information, follow us on LinkedIn, and Twitter @Mercer

Marsh & McLennan Companies offers competitive salaries and comprehensive benefits and programs including health and welfare, tuition assistance, 401K, employee assistance program, domestic partnership benefits, career mobility, employee network groups, volunteer opportunities, and other programs. For more information about our company, please visit us at http://www.mmc.com/. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. For more information, please visit us at: www.mmc.com/diversity.

Mercer LLC and its separately incorporated operating entities around the world are part of Marsh & McLennan Companies, a publicly held company (ticker symbol: MMC).

Marsh & McLennan Companies and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers.

If you are interested in submitting you application for this opportunity, click apply and follow the steps outlined on each page. Over the course of the application, you will be asked upload a resume, provide some additional information about your work experience and answer some optional demographic questions. If you are a good fit for one of our opportunities, someone from the Marsh & McLennan Talent Acquisition will be in touch to discuss next steps.