Manager - IT Risk Management

Posted:
6/29/2026, 7:24:11 PM

Location(s):
Pune, Maharashtra, India ⋅ Maharashtra, India

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

Company:

Marsh Corporate

Description:

We are seeking a talented individual to join our GIS Team at Marsh. This role will be based in Pune. This is a hybrid role that has a requirement of working at least three days a week in the office.

The Global Information Security (GIS) team within Marsh is looking for an IT Controls Specialist who will be responsible for helping build and maintain our organization’s security control documentation, manage control evidence to support compliance, and assist with mapping those controls to various NIST standards, policy, legal and regulatory requirements.

We are looking for a candidate interested in how the IT controls management process works and wants to learn from a highly skilled, experienced team. This position offers an excellent opportunity for a motivated individual to gain valuable experience in the areas of IT audit and regulatory compliance while developing a strong foundation for a successful career in technology risk management and control implementation.

The ideal candidate likes challenges, opportunities to develop innovative approaches to satisfy various program needs and keeps pace with the rest of the team. The candidate will collaborate closely with senior members of the Controls Inventory team, Cyber and IT Risk Management teams, internal IT teams and various business operations teams to identify and prioritize the mitigation of identified control gaps within our organization as well as the development of plans to remediate. The role will include but not be limited to three main functions:

  • Audit Support – Working closely with GIS audit remediation team to manage internal and external IT audit requirements and their findings, map the controls required to comply with audit requirements, and identify any gaps that may exist in the controls environment for future consideration.
  • Regulatory Compliance – Partnering with Privacy and Compliance to identify regulations around the globe that impact our organization, and the establishment of the IT controls needed to comply.
  • Security Control Alignment – Identification, mapping and tracking evidence of our ability to meet the controls outlined by the National Institute of Standards and Technology (NIST)

WHAT YOU CAN EXPECT:

  • A fast-paced environment with great culture and leadership.
  • Passionate team members who are dedicated to business enablement.
  • Autonomy to deliver in your role, while getting strong support from senior team members and management to collaborate across the organization.

WE WILL COUNT ON YOU TO:

  • Have good analytical and research skills to review and understand the data being extracted from existing reports, tools, etc. within the MMC and regulatory environments, and how to effectively parse that data and translate into actionable elements.
  • Perform as a highly organized individual who can operate independently while also supporting his/her team at the level necessary to be successful.
  • Provide relevant information to key stakeholders to effectively manage information and risk across the organization.
  • Work with Privacy and Compliance to identify the regulations impacting our organization, the IT Controls in place that support the regulatory requirements, and any gaps that need to be closed.
  • Collaborate with IT teams to develop and track plans to close compliance and IT Control gaps.
  • Partner with Information Security and IT teams across the globe to develop a comprehensive Enterprise IT Controls Inventory.

WHAT YOU NEED TO HAVE:

  • Knowledge of information systems, software and security related products and services.
  • Significant experience with Microsoft Office Suite.
  • The ability to articulate business/technical requirements to IT teams and business users.
  • Great people skills and ability to establish partnerships and collaborate at various levels.
  • Demonstrated ability to meet deadlines in a fast-paced environment.
  • Excellent verbal and written communication skills
  • Relevant internships or work experience in IT audit, risk management, or information security.

WHAT MAKES YOU STAND OUT?

  • Knowledge of Security frameworks including NIST CSF, NIST SP800-53 and ISO 27001.
  • Knowledge of regulatory laws impacting global IT organizations (e.g., Sarbanes-Oxley, NYDFS Cybersecurity Regulation, CPS 234, China PIPL, etc.).
  • Knowledge of MMC’s risk and compliance landscape (SOC 2, PCI DSS, SOX) and IT General Computer Controls (GCC’s).

WHY JOIN OUR TEAM?

  • We help you be your best through professional development opportunities, interesting work, and supportive leaders.
  • We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and make an impact for colleagues, clients, and communities.
  • Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $27 billion and more than 95,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information, visit corporate.marsh.com, or follow us on LinkedIn and X.

Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $27 billion and more than 95,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information, visit corporate.marsh.com, or follow us on LinkedIn and X.

Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.