Manager - Cyber Security Secrets Management Gurugram - DLF Building

Company:

MMC Corporate

Description:

We are seeking a talented individual to join our GIS Team at MMC Corporate This role will be based in Gurgaon/Noida. This is a hybrid role that has a requirement of working at least three days a week in the office.

Manager - Cyber Security Secrets Management

What can you expect?

• To manage the exposed secrets in our environment across the enterprise.
• With the growing use of advanced technologies, cloud technologies, complex configurations, and fast pace to the cloud migration, this poses significant risk of unauthorized access and data breaches.
• Secrets Management Specialist who will be performing investigations in identifying, classifying, and securing sensitive information across our infrastructure
• . This candidate will be responsible for overseeing and managing the entire lifecycle of secrets across the enterprise.
• This candidate will be responsible for overseeing the secrets management programs to ensuring security policies and procedures for secure storing, rotation, and access control of secrets are followed.
• This candidate will operate the various secrets tools/systems daily.
• This person will be performing continuously scanning and identifying exposed secrets.
• The candidate will be responding to, supporting all secrets alerts, incoming IR incidents, and remediating secrets exposures.
• The role will be communicating with cross functional teams of the risks and vulnerabilities associated to exposed secrets. Investing in this critical role will reduce risk of costly breaches, and increased compliance with data security regulations.

We will count on you to:

Strategic Planning and Governance

1.         Strategy, Policy, and Procedures Advancement: Maintain and lead comprehensive secret management strategy aligned with the organization’s overall security posture, compliance requirements, and cloud-native security best practices. Maintain and strengthen policies, standards, and procedures for secrets management, including access controls, rotation, remediations, and incident response.

2.         Risk Assessment: Conduct regular risk assessments to identify potential vulnerabilities, gaps, and threats related to secrets exposures in cloud and on-premises environments.

3.         Compliance Oversight: Ensure compliance with industry standards, regulations (e.g., NYDFS, GDPR, Privacy, DORAs, etc.), internal policies, and cloud provider security standards (e.g., AWS Security Best Practices, Azure Security Benchmark, GCP Security Best Practices, etc.).
 

Secret Discovery and Inventory

1.         Automated Discovery: Implement automated tools and techniques to identify and categorize secrets across the organization’s infrastructure cloud and on-premises infrastructures, applications, and code repositories.

2.         Manual Assessment Reviews: Conduct regular manual reviews to supplement automated discovery efforts for legacy systems and custom applications.  

3.         Inventory: Maintain a comprehensive and accurate inventory of all secrets, including their type, detection date, location, access controls, and cloud provider specific attributes.
 

Secrets Rotation and Management

1.         Rotation Policies: Maintain and enforce security rotation policies for all secrets, including cloud based secrets to minimize the risk of compromise.

2.         Automated Rotation: Maintain and oversee the automated tools to rotate secrets on a regular schedule, integrating with cloud providers rotation mechanisms.

3.         Secure Storage: Ensure secrets are stored securely and following the organization’s encryption technologies in cloud based secret vaults or hardware security modules.

4.         Access Controls: Maintain and ensure access controls to limit access to secrets to authorized personnel, leveraging the organization’s identity and access management capabilities.

Remediation

1.         Implement corrective actions to address vulnerabilities and prevent future incidents, including configurating cloud security controls and updating security policies.

2.         Maintain and support the incident response plan for secret exposure incidents.

3.         Support incident investigations and conduct thorough investigations to determine the root cause of secret exposure incidents, analyzing logs and security events.

4.         Assist in post-incident reviews to identify lessons learned and improve security practices.

What you need to have:

• Secret Management Tools: Assist with the evaluation and selection of secret management tools that integrate seamlessly with various cloud environments and provide fine granular access controls.
• Integration: Integrate the secret management tools with other security tools and systems, including the SIEM solutions.
• Develop and deliver training programs to educate colleagues about the importance of secret management, cloud security best practices, and the specific risks associated with cloud based secrets for appliable cross functional teams.

What makes you stand out?

• Experience in Cyber secret management

Why join our team:

• We help you be your best through professional development opportunities, interesting work and supportive leaders.
• We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
• Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh McLennan (NYSE: MMC) is the world’s leading professional services firm in the areas of risk, strategy and people. The Company’s more than 85,000 colleagues advise clients in over 130 countries.  With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter  develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer  delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well being for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com, or follow us on LinkedIn and X.

Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person

Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $23 billion and more than 85,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.

Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.