WHAT YOU'LL DO
As the Information Security Risk Manager at BCG, you will be a key player in our efforts to protect digital assets and manage cybersecurity risks. This pivotal role involves overseeing the risk management framework, maintaining the risk register, and managing the overall risk operations within the organization. Your strategic and operational expertise will ensure that information security risks are identified, assessed, and mitigated effectively. You will be part of the ISRM Strategy & Governance team, contributing to the strategic direction and governance of the information security program. This includes executing risk assessment methodologies, participating in security awareness programs, and ensuring comprehensive metrics and reports including key performance and risk indicators are appropriately maintained.
Want more jobs like this?
Get Project Management jobs in Munich, Germany delivered to your inbox every week.
YOU'RE GOOD AT
Information Security: You should demonstrate a deep and comprehensive understanding of information security risk principles including threat, vulnerability, risk, and controls.
Practical application of risk management should be your fundamental competency.
Risk Management: You excel in developing, maintaining, and continuously updating a comprehensive risk register that tracks all known information security risks, their potential impacts, and mitigation strategies.
Operational Leadership: You are adept at leading the day-to-day operations of identifying, evaluating, and mitigating risks, ensuring alignment with internal policies and external regulations.
Strategic Planning: You have a strong capability in crafting strategic risk management plans that are in harmony with the organization's objectives and security standards, and coordinating these efforts across various company levels.
Stakeholder Engagement: You are proficient in communicating risk-related issues and strategies to stakeholders, including executive leadership and external partners, providing clear and concise reports and presentations.
YOU BRING (EXPERIENCE & QUALIFICATIONS)
Experience and Skills: 7+ years in a Global Information Security function, preferably within high-stakes or rapidly changing industries, driving Information Security Strategy and Governance. Candidate should be driving Information Security Strategy and Governance with a deep and broad understanding of information security principles including threat, vulnerability, risk, and controls, specifically around policies, security practices, and risk management methodologies.
Technologies: Advanced proficiency with AuditBoard is preferred. Experience with other key cybersecurity technologies such as SIEM, firewall management, and intrusion detection systems is highly regarded.
Education: Bachelor's degree in computer science, information security, or a related field; a graduate degree is a plus.
Competencies: Candidates must exhibit technical and functional expertise in IT and security, including advanced project management skills and proficiency in leading cross-functional teams. Excellent interpersonal skills, such as motivational capabilities and organizational effectiveness, are crucial. Must possess outstanding problem-solving and analytical capabilities, with a proven track record of innovative solutions in past roles.
Communication Skills: Excellent oral and written communication skills in English. Ability to work independently, follow a disciplined approach, and have an analytical mindset with a desire to learn and work bi-modally.
International Experience: Experience in working in a global, multi-national organization. Additional experience with global security operations and understanding the complexities of multi-regional compliance and data protection laws are essential.
* Certifications: Certifications like CISSP, CISM, CRISC are definitely a plus
YOU'LL WORK WITH
As part of the Global Risk team - Information Security Risk Managment you will work with people around the global, mostly with the functions IT, Enterprise Risk Management, Assurance and Advisory, Information Security and Lega.l