Application Security Architect

Melbourne - 727 Collins

Marsh McLennan

Marsh McLennan is the world’s leading professional services firm in risk, strategy and people. We bring together experts from across our four global businesses — Marsh, Guy Carpenter, Mercer and Oliver Wyman — to help make organizations more...

Company:

Mercer

Description:

Mercer is seeking candidates for the following position based in Melbourne or Sydney:

Application Security Architect

What can you expect?

Mercer Information Security is looking for an Application Security Architect to play a key role in ensuring the security of Mercer's application systems. As part of the Information Security team, you will work closely with application, infrastructure, operations, and other technical teams to review and deliver secure application systems. Reporting to Mercer's Application Security Architect Lead, you will be the dedicated information security resource supporting the Asia Pacific business.

What is in it for you?

  • Hybrid working environment.
  • Leading training and development programs.
  • Professional environment where your career path really matters and is supported in our global organization.
  • Great team of supportive colleagues.

We will count on you to:

  • Support Mercer Information Security strategies and fundamentally ensure the security of the information Mercer is entrusted to protect.
  • Review and provide security recommendations for Engineering Design Diagrams.
  • Engage in new and existing application projects to provide guidance and direction for all aspects of the Secure Systems Development Life Cycle (SSDLC).
  • Work with business and IT to create data flow diagrams.
  • Assist with assessing and remediating BitSight Score findings.
  • Assist in the identification, prioritization, and remediation of application vulnerabilities.
  • Help define and continuously improve application vulnerability product and technology roadmaps.
  • Leverage industry-standard tools to map and model the application architecture and traffic flow to predetermine areas of focus for improving security and reducing risks.
  • Assist with Mercer's security program, client security requests, audits, risk exceptions, and questionnaires.
  • Liaise with Marsh McLennan colleagues and stakeholders and navigate the system to continue with the IT deployment plan in place to achieve the business objectives.
  • Integrate Mercer's security framework with Marsh McLennan policies.

What you need to have:

  • Understanding of application coding practices, terminology, and remediation techniques for the OWASP Top 10 and SANS Top 25 is required.
  • A bachelor’s degree or equivalent work experience in computer science, information systems, informatics, cybersecurity, or a related field.
  • 3+ years of experience in a technical cybersecurity role, with experience in cloud security and cloud system implementation.
  • Exceptional technical acumen, with a deep understanding of IT systems, emerging technologies, and cybersecurity practices.
  • Experience with adding security to the CI/CD pipeline.
  • Experience remediating findings found by cybersecurity rating firms.
  • Ability to remain current on security industry trends, attack techniques, mitigation techniques, security technologies, and new and evolving threats.
  • Excellent interpersonal skills and ability to leverage cross-functional teams to drive changes in a complex environment.
  • Strong oral and written communication skills.
  • SANS training/certifications and CISSP are preferred.
  • Experience with cloud computing environments.

About us:

Mercer believes in building brighter futures by redefining the world of work, reshaping retirement and investment outcomes, and unlocking real health and well-being. Mercer’s more than 25,000 employees are based in 44 countries and the firm operates in over 130 countries. Mercer is a business of Marsh McLennan (NYSE: MMC), the world’s leading professional services firm in the areas of risk, strategy and people, with 76,000 colleagues and annual revenue of $17 billion. Through its market-leading businesses including Marsh, Guy Carpenter and Oliver Wyman, Marsh & McLennan helps clients navigate an increasingly dynamic and complex environment. For more information, visit https://www.mercer.com/. Follow Mercer on Twitter @Mercer.

Marsh McLennan is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin colour, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person. Note: the changes to our hybrid work policy do not apply to officially designated remote workers and are subject to any works council or local legal requirement.

Please apply using the link below. Applications will only be considered from candidates who have the appropriate approval to work in Australia. Successful applicants will be required to complete a Criminal & Bankruptcy check prior to commencement of employment.

Tags: Application security Audits CI/CD CISSP Cloud Computer Science OWASP SANS SDLC Strategy Vulnerabilities

Perks/benefits: Career development Flex hours Health care

Region: Asia/Pacific
Country: Australia