Marsh is seeking candidates for the following position based in the Lisbon or Oporto office:

Cybersecurity Risk Consultant

What can you expect?

• Join a dynamic team focused on cyber resilience and regulatory compliance;

• Identify, evaluate, and mitigate cyber risks for our diverse local and international client portfolio;

• Deliver comprehensive risk assessments and strategic recommendations to executive leadership and board memberson severaltopics related with cyber risk management – risk analysis, controls implementations,third-party risk management,incident response and recover, amongst others;

• Support clients in strengthening their cybersecurity posture and achieving regulatory compliance;

• Collaborate with cross-functional teams including underwriting, claims, and technology partners, when needed.

What's in it for you?

• Be part of a multinational organization where you'll be able to learn, grow and develop your career;

• Join a dynamic and international business environment with exposure to cutting-edge cyber threats and solutions;

• You will have the possibility to access specialized training in cybersecurityand regulatory compliancerisk assessment methodologies, threat intelligence, and industry best practices;

• Work closely with experienced cybersecurity professionals, compliance professionalsand industry experts to develop advanced technical and strategic skills;

• A permanent contract and generous benefits package, including pension plan, health and life insurance;

• For the first3 months it's required to work from the office. After that, you can opt for the hybrid working model, which allows you to work from home 2 days per week.

We will count on you to:

• Conduct comprehensive cybersecurity risk assessments for enterprise clients;

• Analyze vulnerabilities, threat vectors, and potential impact on business operations;

• Develop actionable remediation strategies and risk mitigation recommendations;

• Stay current with emerging cyber threats, attack methodologies, and regulatory requirements;

• Prepare detailed technical and executive-level reports on cyber risk findings;

• Elaborate cyber incident response and recover playbooks and strategies;

• Develop third-party risk management systems andprocedures;

• Collaborate with clients to understand their business environment and risk appetite;

• Support underwriting and pricing decisions with expert cyber risk insights;

• Developtrainingandculture sessionsto improve awareness regarding cyber threats,vulnerabilitiesand risksat our clients

What you need to have:

• Degree in Computer Science, Cybersecurity, Information Security, or similar field (or equivalent professional experience);

• 3 or more years of experience in cybersecurity risk assessment or related cybersecurity roles;

• Strong knowledge of cyber threats, vulnerabilities, and security frameworks (NIST, ISO 27000-package1, CIS Controls);

• Detail-oriented and organized profile with excellent analytical capabilities;

• Strong verbal and written communication skills in English (at least B2 level);

• Ideal candidates should be comfortable conducting businessconversationsalsoin Spanish;

• Proficiency with cybersecurity assessment tools and frameworks;

• Very goodknowledge ofMicrosoft Office Excel

• Good knowledge ofMicrosoftPowerPoint,

• Ideal candidates should be comfortableor at least curiousand interested about Microsoft Power BI.

What makes you stand out?

• Advanced technical expertise in network security, application security, or infrastructure protection;

• Interest in consulting projects and providing services to clientsin cybersecurity and regulatory compliance;

• Relevant certifications such as CISSP, CISM, CEH, or OSCP;

• Operationalthinking combined with strongtechnical capabilities;

• Excellent problem-solving abilities and a detail-oriented mindset;

• Strong team player with ability to influence and guide stakeholders;

• Autonomy and sense of care;

• Intellectual curiosity with passion for continuous learning in the cybersecurityand regulatory compliancedomains;

• Emotional intelligence and ability to communicate complex cyber risks to non-technical audiences.