WHAT YOU'LL DO
As the IT Security Controls Manager, you will act as a "cyber control officer" of the Company under the supervision of the Director of Strategy, Governance and Compliance. You will plan, lead and develop documentation of the information security control requirements of ISO127000 series/NIST 800-53. You will examine existing system and business processes and identify opportunities to increase controls efficiencies while maintaining internal control effectiveness. This will include conducting reviews, recommending solutions and monitoring the implementation of changes required by annual process flowcharts/walk-throughs and general information security control testing. Additionally, the control manager will coordinate and deliver training for control owners on their responsibilities and control tester expectations.
YOU'RE GOOD AT
Collaborating with technology groups or vendors at all levels to design, standardize, and implement information systems controls which mitigate or prevent material loss influenced by ISO127000 series standards, NIST 800-53 or similar control framework domain.
Supervising vendors/contingent labor involved in the control process
Partnering with Security Architecture and Secure Supplier teams to manage Controls Coordination
Driving Process Improvement through streamlining processes, leading process change and directing implementation of automated internal controls.
Maintaining Controls Environment Documentation including control matrices, narratives, and process flows
Risk Mitigation and Controls Remediation Programming through identification of security related risks, maintenance and monitoring and facilitation of remediation activities
YOU BRING (EXPERIENCE & QUALIFICATIONS)
8+ years as an information systems auditor or 8+ years working through an IT controls function
Professional Services company exposure through audit or direct employment, a plus.
Working in a non-regulated sector and designing minimum viable controls for cybersecurity
Experience designing and developing information systems controls beyond financial management or SOX standards
Previous information security / cybersecurity controls experience specifically with Oracle (8 years including 3 years information security testing) required.
Baccalaureate degree in management information systems or computer science or similar (master's degree a plus).
Controls focus skills
Experience designing or auditing controls for an enterprise architecture
Previous segregation of duties design and auditing experience
Access Recertification testing and design, and auditing experience
Identity and access management improvement experience
Cloud control design experience with AWS/Google Cloud/Azure, a plus
Management and organizational skills
Proven ability to influence at all levels of the organization without formal authority and work closely with Technology groups and executive management.
Maintenance of technical competence in current auditing practices, compliance policies and government regulations.
Appetite for leadership and strong project management skills; adept at troubleshooting and persistent at achieving results.
Exceptional written & oral communication skills required including responding and articulating processes and issues related to cybersecurity controls
Proficient in Microsoft Office suite of applications
YOU'LL WORK WITH
This team member will work across the Information Security Organization to draw connectivity and controls management between application security, vulnerability management, enterprise architecture, and strategy, governance and compliance. This team member will additionally be critical in building relationships between the global risk function, IT, and information security. BCG's continued growth and acquisitions will also require continued insight and support from the controls manager to homogenize processes and bring a consistent information security framework to BCG.
ADDITIONAL INFORMATION
Candidates should be aware that BCG currently maintains a policy requiring all US & Canada based employees to be fully vaccinated against COVID-19. Newly hired employees must be fully vaccinated prior to their employment start date. BCG is an equal opportunity employer and will provide a reasonable accommodation to those unable to be vaccinated for medical or religious reasons where it is not an undue hardship to the company to do so as provided under applicable federal, state, provincial and local law.
The Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, protected veteran status, or any other characteristic protected under federal, state or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.