Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

Cyber Compliance Manager

AT Boston Consulting Group (BCG)
Boston Consulting Group (BCG)

Cyber Compliance Manager

London, United Kingdom

WHAT YOU'LL DO
Under the general direction of GC BISO or delegate and working with other IT, BST, etc. throughout the firm, the roles will perform the following functions:
Participate as an integral part of the Security Team in general:
Responsible for conducting internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes including IT SOX compliance.
Responsible for security product management of Local initiatives and third-party services.
Responsible for China initiative project follow up and risk escalation.
Support regulatory compliance audits relating to SOX in scope system, especially SAP.
Responsible for implementation of controls within the Information Security Strategy and Governance program, monitoring, remediation, and reporting of controls gaps in the IT and Cybersecurity program areas. Provide management level status update and risk profile dashboards including current and desired future state of control maturity.

Want more jobs like this?

Get Software Engineering jobs in London, United Kingdom delivered to your inbox every week.

By signing up, you agree to our Terms of Service & Privacy Policy.

Articulate risks identified from various sources (IT service providers, third party, risk assessments, vulnerability scan and pen tests) in terms of business impact, and maintain the risk register up-to-date with all new risk information and changes
Assess, report and mature the compliance posture for internal policies and guidelines as well as regulatory requirements based on frameworks including NIST CSF, ISO, SOC, CSL/MLPS 2.0, etc.
Maintain, improve, and enforce BCG security policies and IT security standards along with security exception processes.
Effectively engage IT, stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment; and to agree a mitigation plan, a remediation strategy and appropriate timelines for any issues found.
Conduct and support vendor security assessments.
Assist and support the Global Senior Director of Information Security Strategy and Governance by bolstering detailed business and technical coordination in critical projects.
Provide security awareness training and design training framework.
Maintain up-to-date knowledge of the cyber security industry as it relates to BCG including:
Cyber compliance
Standards, regulations and legislation.
Security awareness
Technologies and solutions
Industry best practices
Client requirements and concerns

YOU'RE GOOD AT

Technical and functional expertise
Understanding of information security concepts including: cloud security and compliance, encryption, access controls, intrusion detection and prevention, disaster recovery, network security, security operations, security architect.
Must have previous career development experience which has provided management skills, motivational skills, interpersonal skills, and outstanding organizational effectiveness.
Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.
Very strong business sense with ability to relate technology issues to business.

Problem solving, analytical skills and decision making
Requires strong analytical skills and abilities including an extensive knowledge of software, database, operating systems, client server architecture and voice and data communication services and facilities, security and privacy, in an international setting
Collect, review, and analyze various metrics, which help to measure and monitor systems, departmental performance, and quality. Discern and analyze trends.
Review and prepare monthly status reports and statistics
Manage group and project budgets

Communication, interpersonal and teaming skills
Outstanding verbal and written communications skills are a must because of the requirement to represent BCG in communications with clients.
Calm demeanor, grace under fire, outstanding listening skills

Leadership, impact and change
High level of initiative and self-motivation, resourceful, and patient with an iterative process
Ability to gain trust and commitment of others at different levels of the organization
Proven ability to challenge traditional way of operating and moving beyond the obvious
Translates BCG's broader strategic objectives and cascades these into own work plans, metrics and team work plans
Works effectively with significant ambiguity and fluctuating priorities and constrains

Work management, organization and planning
Ability to evaluate and prepare detailed project plans for technology projects that will be implemented across the business. Manage local and global technology problems and direct staff in resolution of such problems. Evaluate and advise on the technology and systems components associated with projects adopted by BCG corporate and offices.
Ability to monitor projects and direct staffs to ensure projects are aligned with the strategic objectives of the business.

Customer and business focus
Focuses on the most critical issues that have the highest impact on the organization and business needs
Working mode: "enabling", "value adding" and "expanding".
Treats all others with respect; generate trust.

People management
This position requires interaction with BCG Partners, BCG Case Team staff, client legal and security staff, Administrative Management, vendors, IT Management and Staff, Legal Department, Finance, Vendors, etc. Very strong relationship skills are essential. Excellent Leadership and teaming skills are required.

Values and ethics
Strong sense of confidentiality and integrity.
Treats others with respect and generates trust.
Establish relationships based on respect, trust and integrity.

YOU BRING (EXPERIENCE & QUALIFICATIONS)
• Bachelor's degree (or equivalent);
• Minimum 5 years of information security experience, with a very strong cyber compliance background
• Significant information security and risk management experience in a multinational enterprise
• Experience working with and implementing GRC tools and processes.
• Hands on working experiences and deep insights into Security control requirements.
• Experience building and developing successful risk management programs.
• Experience with vendor management and conducting third-party risk assessments.
• Experience creating and maintaining security policy, standard, guideline, and procedure documents.
• Extensive knowledge and experience in security and compliance frameworks such as NIST, ISO, SOX etc.
• Experience in facilitating and performing third-party vendor risk assessments with the ability to provide guidance on secure design and operation.
• Security certification like CRISC, CISSP, CISM, CISA or equivalent a plus.
• Fluent in both oral and written English.

YOU'LL WORK WITH
BCG's information technology group collaboratively delivers the latest digital technologies that enable our consultants to lead and our business to grow. For our IT jobs, we seek individuals with expertise in the areas of IT infrastructure, application development, business systems, collaborative and social technologies, information security, and project leadership.

Client-provided location(s): First Floor, Gerrard St, London W1D 5PF, UK
Job ID: Boston_Consulting_Group-22722BR
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • On-Site Gym
    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA
    • Fitness Subsidies
    • Mental Health Benefits
    • Virtual Fitness Classes
    • FSA With Employer Contribution
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Adoption Leave
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
    • Hybrid Work Opportunities
    • Four-Day Work Week
  • Office Life and Perks

    • On-Site Cafeteria
    • Commuter Benefits Program
    • Casual Dress
    • Happy Hours
    • Snacks
    • Some Meals Provided
    • Company Outings
    • Holiday Events
  • Vacation and Time Off

    • Sabbatical
    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
    • Volunteer Time Off
  • Financial and Retirement

    • Relocation Assistance
    • Financial Counseling
    • 401(K)
    • Performance Bonus
    • Profit Sharing
    • Company Equity
  • Professional Development

    • Internship Program
    • Work Visa Sponsorship
    • Learning and Development Stipend
    • Tuition Reimbursement
    • Promote From Within
    • Mentor Program
    • Access to Online Courses
    • Lunch and Learns
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Shadowing Opportunities
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)