WHAT YOU'LL DO

The right candidate is responsible for managing security compliance for BCG’s software and data offerings in alignment with AICPA’s SOC 1 and SOC 2 framework and ISO 27001 standards. The right candidate must be able to demonstrate understanding of the fundamental security compliance frameworks, understand security and compliance audit processes and be able to collaborate with the team. The candidate must be a proactive team player, be able to communicate information and explanation to guide solutions. Additionally, the candidate must demonstrate strong customer service to set of internal stakeholders and develop positive and collaborative relationships within own area.

The successful candidate possesses excellent interpersonal and communication skills, both written and oral, required to partner with team members and stakeholders across the business to identify compliance gaps, issues and risks.
The role will report to the head of Governance & Risk Management for BCG X and sit within BCG’s information Security team.

YOU'RE GOOD AT

Understanding cybersecurity compliance frameworks - SOC 1, SOC 2, ISO 27k.

Have a risk mindset, eye for detail, and can apply critical thinking.

Working with auditors, audit request lists and taking ownership of gathering security audit evidence.

Coordinating audits and conducting reviews of deliverable to verify compliance with internal policies and industry best practices.

Thorough with an eye for detail to ensure completeness of audit and compliance requests.

Ensuring clear and expedient escalations with informed recommendations to management.

Being a team player and working to achieve common goal in a dynamic setting.

Identify and leverage lessons learned and best practices from audits, fostering the culture of continuous improvement within BCG.

YOU BRING (EXPERIENCE & QUALIFICATIONS)

Broad working knowledge in key areas of security compliance frameworks (SOC 1, SOC 2, HITRUST, ISO 27k).

Minimum of 2 years’ experience working with security compliance audits.

A minimum bachelor’s degree in any discipline. Computer science, cyber security and risk or technology degrees preferred.

Fluent in English (verbal and written) Strong communication.

Flexibility in scheduling, capable and willing to attend conference calls outside of regular working hours to accommodate the geographical requirements and time zones of our stakeholders, and team members.

Flexibility in scheduling, capable and willing to attend conference calls outside of regular working hours to accommodate the geographical requirements and time zones of our stakeholders, and team members.

Strong work management, and work ethics required.

Ability to work successfully within a cohesive and matrixed team environment.

Superior interpersonal and communication skills; projects confidence and trust.

YOU'LL WORK WITH

The role will report to the head of Governance & Risk Management for BCG X and sit within BCG’s information Security risk management team, working closely with product and engineering, security and IT teams.

WHO WE ARE

BCG pioneered strategy consulting more than 50 years ago, and we continue to innovate and redefine the industry. We offer multiple career paths for the world’s best talent to have a real impact on business and society. As part of our team, you will benefit from the breadth and diversity of what we are doing today and where we are headed next. We count on your authenticity, exceptional work, and strong integrity. In return we are committed to supporting you in discovering the most fulfilling career journey possible—and unlocking your potential to advance the world. Our team called Global Services (GS) provides corporate support to business areas such as Finance, Legal, HR, Marketing and IT. This diverse team of experts, operators and specialists represent all levels from Partner to entry level staff, operating across the globe in multiple countries. Global Services is in short, the backbone of BCG.

EQUAL OPPORTUNITY

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, protected veteran status, or any other characteristic protected under federal, state or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.